Tuesday, September 10, 2013

CSR Creation for a Checkpoint VPN Appliance (Root Certificate, Intermediate Certificate & Request CSR)

http://www.digicert.com/csr-creation-checkpoint-vpn.htm

Add a Root Certificate and Subordinate (Intermediate Certificate) & Request CSR



  • Open the SmartDashboard so you can see all of your network devices.
  • Right Click on Trusted CAs > New CA > Trusted...
  • Give it a name, e.g. DigiCert_Root (the HTTP server(s) option needs to be checked in the 2nd tab for that),
    then click the OPSEC PKI tab.
  • Click the Get Button and open the file 'TrustedRoot.crt' that DigiCert sent to you.
  • When asked 'Do you accept this certificate authority certificate?' click Ok.
  • Right Click Trusted CAs > New CA > Subordinate...
  • Give it a name: e.g. DigiCertCA_Intermediate.
    Then click the OPSEC PKI tab and click Get and find DigiCertCA.crt file.
    Then click Ok to trust this certificate.
  • Gateway Cluster > VPN > Add > Certificate Nickname (e.g. FQDN)
    Open the Device properties for the device you want the SSL certificate to be sent out from, click 'Add' to create a CSR.
  • Create a Nickname for the certificate (e.g. DigiCert or yourdomain.com).
    For the CA to enroll from choose the intermediate you made (e.g. DigiCert_Intermediate).
    Then click the Generate button.
  • When a popup window says this can't be undone, click Yes.
  • Enter all of the CSR details into a single line, including your country code:
    DN:CN=vpn.yourdomain.com,O=Your Company Inc,L=City,ST=State,C=US
    Then click Ok. If you are getting a SAN certificate, click 'Define Alternate Names' and specify those when prompted.
  • Click View to see the CSR, then choose to either 'Copy to Clipboard' / 'Save to file' for re-entering in the order form.
  • Then, during the DigiCert ordering process, choose 'Other' for Server type; when prompted, upload or paste your CSR file.
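
Because CSR generation cannot be undone, it is worth checking the single-line DN before clicking Generate. The following is an added example, not part of the DigiCert guide or of any Check Point tooling: the function names are hypothetical, the required attribute set is taken from the sample DN above, and backslash-escaping of commas follows RFC 4514 (the page does not say how SmartDashboard treats commas inside a value).

```python
import re

# Attributes present in the page's sample DN; treated here as the required set (assumption).
REQUIRED = ("CN", "O", "L", "ST", "C")
FQDN = re.compile(r"^(?=.{1,253}$)(\*\.)?([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def split_dn(dn):
    """Split 'CN=a,O=b' into (ATTR, value) pairs. A backslash escapes the next
    character (RFC 4514 style, an assumption); value is None if '=' is missing."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        pairs.append((attr.strip().upper(), value.strip() if sep else None))
    return pairs

def check_dn(line):
    """Return a list of problems in a single-line DN; an empty list means none found."""
    dn = line.strip()
    if dn.upper().startswith("DN:"):  # tolerate the 'DN:' prefix shown on the page
        dn = dn[3:]
    problems, seen = [], {}
    for attr, value in split_dn(dn):
        if value is None:
            problems.append(f"'{attr}' has no '=' (unescaped comma in the previous value?)")
        elif not value:
            problems.append(f"{attr} is empty")
        elif attr in seen and attr in REQUIRED:
            problems.append(f"{attr} appears more than once")
        else:
            seen[attr] = value
    problems += [f"missing {a}" for a in REQUIRED if a not in seen]
    if "C" in seen and not re.fullmatch(r"[A-Z]{2}", seen["C"]):
        problems.append("C must be a two-letter uppercase country code")
    if "CN" in seen and not FQDN.match(seen["CN"]):
        problems.append("CN is not a fully qualified host name")
    return problems
```

An organization name such as "Your Company, Inc." is the usual way this line goes wrong: the unescaped comma splits the O value and leaves a fragment with no attribute name.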