Installing a Third Party Certificate for SNX

The purpose of this document is to explain the process for installing a third party certificate for SNX. “Third Party” means any certificate not issued by the Check Point ICA (Internal Certificate Authority) and in this document specifically refers to the Free Trial Certificate offered by Verisign.

Disclaimer: Any statements contained herein are those of the author and in no way reflect the views of Check Point Software Technologies or Verisign.

Getting Started

 Prerequisite: A standalone or distributed firewall installation on versions NGX R65 or R70 (looks basically the same)

 The steps for installing this certificate are as follows:

1.      Finding the Root CA certificate

2.      Import the Trial CA certificate into the browser

3.      Create a Trusted CA Object for the external CA

4.      Import the CA certificate into the Trusted CA object

5.      Assign the CA certificate to the Gateway Object

6.      Create a CSR (certificate signing request) from the Trusted CA Object

7.      Import the signed certificate from the CSR

8.      Apply the signed certificate to SNX

When you are ready for a real certificate see Using a Real Certificate

Go to Page 2