dwilliams-dmu
Participant

This whole thread is full of really great questions, questions that I have not seen any good answers to from Checkpoint anywhere. The fact that you can't generate a CSR without a CA is beyond bizarre to me, and I can't think of any good reason for that. The additional limitations of having more than one certificate per "CA object" and not being able to have two identical cert chains referenced in different "CA objects" make it impossible to use two certificates from the same CA with the same cert chain.

Certificate changes are a routine operational task, and it should be as simple as: generate a CSR (no need for the CA cert chain ahead of time), get the CSR signed by a third party, upload the signed certificate bundle to complete the installation, and then change the reference to the certificate used for whichever service needs a cert change. None of that should be disruptive in any way, and when the certificate reference is changed, the new public key and certificate are provided for any connections established after that point. Fallback is as simple as changing the reference back to the old certificate.

I am blown away at how complicated such a simple task is for Checkpoint to pull off.
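As an added example, not code from this thread or from Check Point, here is the vendor-neutral form of the workflow the post describes, done with openssl: a CSR generated with no CA material on hand, a signed bundle validated against the key and chain before it is installed, and a reference switch that can be pointed back for fallback. The directory layout (`active.crt`/`active.key` symlinks read by a hypothetical service) and the throwaway "third-party CA" are assumptions made so the script runs offline.

```shell
#!/bin/sh
# Added example, not from this thread or from Check Point: the vendor-neutral
# certificate rotation workflow described in the post, done with openssl.
# All material is constructed in a scratch directory; the "third-party CA" is a
# throwaway CA created here only so the script runs offline. In real use the
# CSR goes to the external CA and only the signed bundle comes back.
set -u
WORK="${WORK:-$(mktemp -d)}"

# Step 1: private key + CSR. Nothing about the issuing CA is needed yet.
gen_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=$2" >/dev/null 2>&1
}

# Stand-in for the external CA (constructed for this example only).
make_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 30 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" -subj "/CN=Example Test CA" >/dev/null 2>&1
}

# Step 2: the CA signs the CSR and returns a certificate.
sign_csr() {
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -sha256 -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Step 3: before installing, prove the returned cert belongs to our key and
# chains to the CA. A mismatched key or wrong chain is rejected here rather
# than discovered by clients after the switch.
check_bundle() {
  keyhash=$(openssl pkey -in "$WORK/$1.key" -pubout 2>/dev/null | openssl dgst -sha256)
  certhash=$(openssl x509 -in "$WORK/$1.crt" -pubkey -noout 2>/dev/null | openssl dgst -sha256)
  [ -n "$keyhash" ] && [ "$keyhash" = "$certhash" ] || return 1
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Step 4: the (hypothetical) service reads $WORK/active.crt and active.key.
# Switching the reference is a symlink swap; fallback is the same call with
# the old name. A bundle that fails validation is never made active.
activate() {
  check_bundle "$1" || return 1
  ln -sfn "$1.crt" "$WORK/active.crt"
  ln -sfn "$1.key" "$WORK/active.key"
}

# Subject of whatever certificate is currently referenced.
active_subject() {
  openssl x509 -in "$WORK/active.crt" -noout -subject -nameopt RFC2253 | sed 's/^subject=//'
}

rotate_demo() {
  make_ca
  gen_csr old "old.example.test" && sign_csr old && activate old
  gen_csr new "new.example.test" && sign_csr new
  check_bundle new || return 1   # validate before touching the reference
  activate new                   # cutover: new connections get the new cert
  echo "active now: $(active_subject)"
  activate old                   # fallback is just pointing back
  echo "rolled back to: $(active_subject)"
}

rotate_demo
```

The point of `check_bundle` is that the key/certificate match and the chain validation happen before anything is referenced, so a bad bundle is caught during upload rather than at cutover; `activate` refuses to switch to a bundle that does not pass, and rollback is the same operation with the previous name.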
