This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
GHaider
Contributor
‎2025-11-27 02:02 AM
In response to Nüüül

i also have taken this to checkpoint support, and they said i should submit a RFE via checkpoint office...

...funny thing is that they don't seem to know there own product, because with R82 API you can already do all the needed certificate settings...

see https://sc1.checkpoint.com/documents/latest/APIs/index.html?#cli/set-simple-cluster~v2.0.1

for example:

add via api:
mgmt_cli --root true set simple-cluster name "CLUSTER" vpn-settings.certificates.add.name "testcertdeleteme" vpn-settings.certificates.add.certificate-authority "HARICA_TLS_RSA_Root_CA_2021" vpn-settings.certificates.add.enrollment.enrollment-settings.distinguished-name "CN=commonname.com,O=Org,ST=Vienna,C=AT" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.1.name-type "fqdn" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.1.value "3.commonname.com" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.2.name-type "fqdn" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.2.value "firewall.commonname.com"
remove via api:
mgmt_cli --root true set simple-cluster name "CLUSTER" vpn-settings.certificates.remove "cername_exp20251113" ignore-warnings "true"

usercheck portal would be:

mgmt_cli --root true set simple-cluster name "CLUSTER" usercheck-portal-settings.certificate-settings

so if you have the certificate via acme, you can import it via api, at least on R82

(1)
Who rated this post