This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ChoiYunSoo
Contributor
‎2024-05-13 09:42 PM

When renewing the https inspection cert, can I use a certificate from another management server?

Hi

 

The client's HTTPS Inspection Cert expires within 6 months.

So I plan to work on replacing the certificate soon.

 

But I have a problem.

As far as I know, if you press the certification renew button at checkpoint, the cert is automatically renewed.

As a result, there may be cases where the checkpoint gateway has 'new cert' and the client PC has 'old cert'.

the period for distributing certificates to clients after renewal is too short.

 

So I would like to distribute the certificate a week to a month in advance.

I would like to know if there is any problem if I proceed with the process below.

 

1. Issue https inspection cert from another management server

2. Distributed to clients about a month ago (GPO)

3. Import a certificate distributed by another management server to the actual server.

4. policy install an monitoring

 

 

What I am most curious about here is whether it is okay to use a certificate issued by another management server.

I don't think there will be any technical problems, and when referring to the "best parctice", I didn't see any issues.

 

Are there any problems that may arise when proceeding with step 4 above?

 

 

0 Kudos
3 Replies
emmap
Employee
Employee
‎2024-05-13 11:17 PM

A Renewed certificate is different from a New cert - I think the existing certificate that is pushed out should still work after the cert is renewed, while you then get that renewed cert pushed out. I've not tested this though so if someone could confirm that would be great.

0 Kudos
ChoiYunSoo
Contributor
‎2024-05-14 12:26 AM
In response to emmap

thank you for your reply

 

I wrote this because I also needed the opinion of someone who had experienced it accurately.

The checkpoint guide document is not clearly expressed, so it is difficult to make an accurate judgment.

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-05-14 10:09 AM

The HTTPS Inspection certificate is a CA certificate.
This is necessary as certificates are generated and signed on the fly based on where users are surfing to.
It is completely unrelated to the ICA of your existing management server; thus any one can be used provided clients can be configured to trust it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events