CheckMates Toolbox Contest 2024
Submit a Tool for a Chance to WIN a $300 or $50 Gift Card!
May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security
Harmony Endpoint:
Packing a Punch in 2024
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
The Difference Is In The Details
Short answer: the gateway has the private key, both have the public key.
This is consistent with how the RSA cryptosystem works, which is the basis for IPsec VPN, TLS, SIC, and others.
VPN Certificates come from the Internal Certificate Authority (ICA), which exists on the management and is based on the
Whether it's a device separate from the gateway or the same device (i.e. locally managed) doesn't matter.
When a Check Point gateway is first installed, it generates a unique private key, which is then signed by the ICA when SIC is established.
Much like when you issue a Certificate Signing Request for a certificate to a public CA for a website, the ICA does not need to know the gateway's private key in order to sign the certificate.
We do not provide a mechanism to export private keys from the gateway.
It is trivial (and more secure) to generate a new keypair signed by the same Certificate Authority as before.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
