Pavan_Kumar
Contributor

Site to Site VPN with 3rd party DAIP Gateway (strongSwan IPsec on Ubuntu) with RSA Auth

I have tested the site-to-site VPN between Check Point and a DAIP gateway (strongSwan IPsec on Ubuntu) with RSA auth in the lab and was able to bring the tunnel up.

During testing I encountered the following issue on the strongSwan IPsec side:

  • Check Point is sending MM packet 6, but strongSwan IPsec is dropping it with the error "no trusted RSA public key found for <ip address>".
  • strongSwan IPsec expects the peer identity (the peer IP in my case) to be present in the Subject Alternative Name of the Check Point certificate.
  • The Check Point default certificate has the hostname as CN and the management IP as SAN.
  • I resolved it by creating a new certificate whose SAN contains the identity IP.
  • In Check Point only one internal_ca-signed certificate can be created for IPsec, so to create the new certificate I used a 3rd-party CA.

My query is about adding the new 3rd-party-signed certificate in the gateway's IPsec properties: can it cause any issue to the existing VPN? As per my understanding it should not have a negative impact. Please clarify whether my understanding is correct or wrong.

0 Kudos
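The SAN mismatch described in the post can be reproduced and checked with plain openssl before touching either gateway. The script below is an added example and is not from the original post or from Check Point; it builds a self-signed lab CA standing in for the 3rd-party CA, issues one certificate shaped like the stock gateway certificate (CN = hostname, SAN = management IP only) and one whose SAN also carries the IKE identity IP, then checks each SAN the way strongSwan matches an IP peer identity (against "IP Address:" SAN entries, never against the CN). The hostname and the 192.0.2.x addresses are made up, and it assumes openssl 1.1.1 or later is on PATH.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce the "identity IP not
# in SAN" problem with openssl and show the certificate shape that fixes it.
# Assumes openssl is installed; names and addresses below are constructed
# for the lab (TEST-NET-1), not taken from any real deployment.
set -e

GW_HOST="cp-gw.lab.example"   # assumed hostname, ends up in the CN
MGMT_IP="192.0.2.10"          # assumed management IP (what the stock SAN carries)
GW_ID_IP="192.0.2.1"          # assumed IKE identity IP of the Check Point gateway
WORK="${WORK:-$(mktemp -d)}"  # scratch directory for keys and certs
cd "$WORK"

# Self-signed lab CA standing in for the 3rd-party CA used in the post.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Lab/CN=Lab Root CA" -keyout ca.key -out ca.crt >/dev/null 2>&1
}

# issue_cert NAME SANLIST: sign a gateway cert (CN=$GW_HOST) carrying the
# given subjectAltName list, e.g. "DNS:host,IP:192.0.2.1".
issue_cert() {
    name="$1"; san="$2"
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Lab/CN=$GW_HOST" \
        -keyout "$name.key" -out "$name.csr" >/dev/null 2>&1
    printf 'subjectAltName=%s\n' "$san" > "$name.ext"
    openssl x509 -req -days 365 -in "$name.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -extfile "$name.ext" -out "$name.crt" >/dev/null 2>&1
}

# san_has_ip CERT IP: succeed only if IP is listed as an "IP Address:" SAN
# entry. The CN is deliberately ignored, which is what strongSwan does when
# the peer identifies itself by IP, and why the stock certificate fails.
# The trailing (,|$) keeps 192.0.2.1 from matching 192.0.2.10.
san_has_ip() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    openssl x509 -in "$1" -noout -text \
        | grep -Eq "IP Address:${ip_re}"'(,|$)'
}

# Show the failing and the working certificate side by side.
demo() {
    make_ca
    issue_cert default "DNS:$GW_HOST,IP:$MGMT_IP"              # stock shape
    issue_cert fixed   "DNS:$GW_HOST,IP:$MGMT_IP,IP:$GW_ID_IP" # SAN also carries the IKE ID
    for c in default fixed; do
        if san_has_ip "$c.crt" "$GW_ID_IP"; then
            echo "$c.crt: SAN contains $GW_ID_IP, strongSwan can match the peer ID"
        else
            echo "$c.crt: no SAN entry for $GW_ID_IP, expect 'no trusted RSA public key found for $GW_ID_IP'"
        fi
    done
}

demo
```

To run the same check against the certificate actually installed on a gateway, export it and call `san_has_ip gw.crt <peer IP>` (or just `openssl x509 -in gw.crt -noout -text | grep 'IP Address'`); the IP that strongSwan prints in "no trusted RSA public key found for ..." must appear in that output.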
1 Solution

Accepted Solutions
PhoneBoy
Admin

It shouldn't, no.

3 Replies
Pavan_Kumar
Contributor

Thanks for clearing my doubt..

0 Kudos
Kalloww00
Explorer

Can you help me with your configuration settings? I'm trying but with no success.

0 Kudos
