CSR Creation for a Checkpoint VPN Appliance (Root Certificate, Intermediate Certificate & Request CSR)

http://www.digicert.com/csr-creation-checkpoint-vpn.htm

Add a Root Certificate and Subordinate (Intermediate Certificate) & Request CSR

Open the SmartDashboard so you can see all of your network devices.

Right Click on Trusted CAs > New CA > Trusted...

Give it a name: e.g. DigiCert_Root. (http servers needs to be checked in the 2nd tab for that)
then click the OPSEC PKI tab.

Click the Get Button and open the file 'TrustedRoot.crt' that DigiCert sent to you.

When asked 'Do you accept this certificate authority certificate?' click Ok.

Right Click Trusted CAs > New CA > Subordinate...

Give it a name: e.g. DigiCertCA_Intermediate.
Then click the OPSEC PKI tab and click Get and find DigiCertCA.crt file.
Then click Ok to trust this certificate.

Gateway Cluster > VPN > Add > Certificate Nickname (e.g. FQDN)
Open the Device properties for the device you want the SSL certificate to be sent out from, click 'Add' to create a CSR.

Create a Nickname for the certificate (e.g. DigiCert or yourdomain.com).
For the CA to enroll from choose the intermediate you made (e.g. DigiCert_Intermediate).
Then click the Generate button.

When a popup window says this can't be undone, click Yes.

Enter all of the CSR details into a single line including your country code.DN:CN=vpn.yourdomain.com,O=Your Company Inc,L=City,ST=State,C=USThen click Ok. If you are getting a SAN certificate click 'Define Alternate Names' and specifies those when prompted.

Click View to see the CSR, then choose to either 'Copy to Clipboard' / 'Save to file' for re-entering in the order form.

Then during the DigiCert ordering process for Server type: Choose 'Other', then when prompted you can upload or paste your CSR file.