Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install a certificate on a Checkpoint VPN appliance

Install the certificate

  1. Save the .cer file provided in the delivery email
  2. Go to the Checkpoint Gateway page > VPN
  3. Under Certificate List click Complete
  4. Select the .cer file and click OK

Activate the certificate for use with SSL Extender

  1. Edit the gateway/cluster object and select Remote Access > VPN Clients
  2. Select the new certificate created in the drop-down list under "The gateway authenticates with this certificate" section and click OK
  3. Push the policy to the gateway/cluster

Import the certification chain on Checkpoint VPN

Reminder: You need to install the certification chain BEFORE generating your CSR to be able to install your SSL certificate on Checkpoint afterward. Further information here.

If you have to go through this procedure, you can ask for a "re-issuance" of your certificate, and regenerate a CSR. To request a re-issuance, go on your certificate status page and click on the "Reissue" button (it is not displayed if the free reissuance is not possible).

Import all the chain certificates as TRUSTED before generating your CSR. Select the root certificate and the intermediates matching your product here:Authorities certificates. If you have a doubt, contact our staff to know which element to import for the product you are about to buy.

Follow the procedure here under for each element (starting with the root):

Add an authority certificate to your Checkpoint:

  1. Go to Manage - Servers and OPSEC Applications
  2. Create a New Certificate Authority > Trusted (OPSEC PKI)
  3. Name it like the certificate to import. On the OPSEC PKI, select HTTP Servers. Click Get and point to the Certificate to import.
Do it again as many times as needed.