RioAung
Contributor

How to import private key

Hi,

I would like to import a private key on Check Point. I am using a 5600 security appliance.

My plan is to deploy using a certificate. I will use a third-party certificate.

For example, I don't want to generate the CSR from Check Point. I will generate the root cert, private key and certificate for Check Point by using openssl or another certificate server. This private key will help to generate the public key and map to the VPN.

I will use this certificate for VPN. This process can be done on Cisco, HP and Huawei.

But I cannot find the reference for Check Point.

Please let me know how to import the private key and how to map this key to the VPN certificate point?

 

0 Kudos
5 Replies
the_rock
Legend

0 Kudos
delToro1
Contributor

Hello RioAung,

I think you can generate the CSR directly from the SGW; after that, you can export it and sign the certificate externally using your preferred method (openssl, any app, or what you want).

Once you have the certificate signed with a third-party CA, not the ICA, you have to complete the procedure and import the certificate, the CRT.

 

Export the CSR

[Image: unsigned.png]

Import the CRT:

[Image: signed.png]

You have to import the 3-Party-CA as Trusted, type OPSEC PKI

 

Are you going to deploy a Site-to-site certificate based VPN? Check that post:

https://ciberseguridad.blog/check-point-vpn-ipsec-certificated-based/

 

Best regards!

0 Kudos
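
Added example (not part of the original posts, and not Check Point's own procedure): the external signing step described in the reply above, done with openssl, followed by a check that the issued CRT chains to the CA and carries the same public key as the CSR before it is imported. The CA, the stand-in CSR, and all file and subject names are constructed placeholders; on a real deployment the CSR is the one exported from the gateway.

```shell
#!/usr/bin/env bash
# Added example: sign an exported CSR with an external CA, then validate the CRT.
# Every file name and subject below is a constructed placeholder.

# Throwaway root CA, standing in for the third-party CA.
make_ca() {  # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Example Third-Party CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Stand-in for the CSR exported from the gateway, so the example runs offline.
make_standin_csr() {  # $1 = working directory
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=gw.example.test" \
    -keyout "$1/gw-standin.key" -out "$1/gw.csr" 2>/dev/null
}

# Sign the CSR with the CA key; gw.crt is the file that would be imported.
sign_csr() {  # $1 = working directory
  openssl x509 -req -in "$1/gw.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 30 -out "$1/gw.crt" 2>/dev/null
}

# Succeeds only if gw.crt chains to ca.crt AND holds the CSR's public key.
# A mismatch means the CRT was issued for a different request or key.
check_cert() {  # $1 = working directory
  openssl verify -CAfile "$1/ca.crt" "$1/gw.crt" >/dev/null 2>&1 || return 1
  csr_pub=$(openssl req -in "$1/gw.csr" -noout -pubkey | openssl sha256)
  crt_pub=$(openssl x509 -in "$1/gw.crt" -noout -pubkey | openssl sha256)
  [ "$csr_pub" = "$crt_pub" ]
}

# Demo run in a temporary directory.
demo_dir=$(mktemp -d)
make_ca "$demo_dir" && make_standin_csr "$demo_dir" && sign_csr "$demo_dir" \
  && check_cert "$demo_dir" && echo "gw.crt matches gw.csr and chains to ca.crt"
rm -rf "$demo_dir"
```

The CA certificate (`ca.crt` here) is what has to be trusted on the management side for the issued certificate to validate.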
Gary_Fowler
Explorer

To my knowledge, Check Point does not have the ability to import an existing private key, with certificate, into a gateway's IPsec VPN key DB. It would be a simple thing to code, but unfortunately, Check Point has not done so, for reasons I cannot fathom.

If you need to use an existing certificate with existing key, then enabling Mobile Access Blade does give you the ability to import a key/cert pair in PKCS12 format. But it will only be presented by the tcp/443 listener on the gateway; not the IPsec VPN IKE daemon.

Pretty piss poor in my opinion... Again, should be easy to code... but has never been done.

Maybe someone knows a way to import a private key into a gateway object using CLI commands on the management server... Anyone?

 

0 Kudos
_Val_
Admin

@Gary_Fowler Incorrect. You can use external certificates for anything, IPsec VPN included. Please refer to the admin guide.

0 Kudos
DH
Contributor

I didn't find the point to import an existing key to the gateway, either. Could you explain how that is possible? I need it to import a wildcard key for VPN client dial-in to authenticate the gateway by themselves.

0 Kudos