This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RioAung
Contributor
‎2022-08-24 05:42 PM

how to import private key

Hi,

i would like to import private key on checkpoint . i am using  5600 security appliance.

My plan is i want to deploy using certificate.I will use third party certificate.

for example , i don't want to generate CSR from checkpoint. i will generate root cert ,private key and certificate for checkpoint by using openssl or other certificate server. This private will help to generate public key and map to VPN.

i will use this certificate for VPN. This process can do on cisco,hp and huwawei.

But i cannot find the reference for checkpoint.

Please let me know how to import private key and how to map this key to VPN certificate point ?

 

Labels
0 Kudos
5 Replies
the_rock
Legend
Legend
‎2022-08-24 06:22 PM

Not sure if below may help...

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
delToro1
Contributor
‎2022-08-25 02:19 AM

Hello RioAung,

I think you can generate the CSR directly from the SGW, after that, you can export it and sign the certificate externally using your prefered method (openssl, any app, or what you want).

Once you have the certificate signed with a third-party CA, not the ICA, you have to complete the procedure and import the certificate, the CRT.

 

Export the CSR

unsigned.png

Import the CRT:

signed.png

You have to import the 3-Party-CA as Trusted, type OPSEC PKI

 

Are you going to deploy a Site-to-site certificate based VPN? Check that post:

https://ciberseguridad.blog/check-point-vpn-ipsec-certificated-based/

 

Best regards!

0 Kudos
Gary_Fowler
Explorer
‎2023-08-08 06:02 AM

To my knowledge, checkpoint does not have the ability to import an existing private key, with certificate, into a gateways's IPSec VPN key DB.   It would be a simple thing to code, but unfortunately, CheckPoint has not done for reason's I can not fathom.

If you need to use an existing certificate with existing key, then enabling Mobile Access Blade does give you the ability to import a key/cert pair in pkcs12 format..  But it will only be presented by the tcp/443 listener on the gateway; not the IPSec VPN IKE daemon.

Pretty piss poor in my opinion..  again, should be easy to code.. but has never been done.

Maybe someone knows a way to import a private key into a gateway object using CLI commands on the management server..  anyone?

 

0 Kudos
_Val_
Admin
Admin
‎2023-08-08 08:13 AM
In response to Gary_Fowler

@Gary_Fowler Incorrect. You can use external certificates for anything, IPsec VPN included. Please refer to the admin guide.

0 Kudos
DH
Contributor
‎2024-04-25 08:30 AM
In response to _Val_

I didn't found the point to import existing key to gateway, too. Could you explain how that is possible? I need it for import a wildcard key for VPN client dial-in to authenticate the gateway by themself.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events