Entrust Certificate Services Support Knowledge Base
Last Modified: 2011-08-16 10:01:20.0
TN 8025 - How do I install my certificate on a Checkpoint VPN appliance?
Question: How do I install my certificate on a Checkpoint VPN appliance?
Obtain the latest Entrust root certificate from:
The appropriate cross certificate is presented to you when you obtain your certificate.
Step 1: Add the Entrust root certificate to your Checkpoint firewall:
1 - Go to Manage > Servers and OPSEC Applications.
2 - Create a New Certificate Authority > Trusted (OPSEC PKI).
3 - Name it Entrust_2048root. On the OPSEC PKI screen, select HTTP Servers. Click Get and point to the Entrust 2048 root certificate file that you downloaded.
Step 2: Add the Entrust L1C cross certificate:
1 - Go to Manage > Servers and OPSEC Applications.
2 - Create a New Certificate Authority > Trusted (OPSEC PKI).
3 - Name it Entrust_intermediate. On the OPSEC PKI screen, select HTTP Servers. Click Get and point to the Entrust intermediate certificate file that you downloaded.
Step 3: Generate your CSR:
1 - Click Add to add a new certificate to the Certificate List, using the intermediate CA that was created.
2 - Click Generate to have the system create a Certificate Signing Request (CSR).
3 - Select the Define Alternate Names check box and pick an FQDN and email from the drop-down list.
4 - Click Add [FQDN]. Enter your alias FQDN. Click Add [email] and enter your email address.
5 - Click View and copy the text to the clipboard or save it to a text file (including BEGIN, END and
Once you have your CSR, you can submit it to Entrust to be signed. Entrust will then send you back your certificate.
Step 4: Install the certificate:
1 - Copy the certificate into Notepad and save it as entrust.cer.
2 - Go to the Checkpoint Gateway page > VPN.
3 - Under Certificate List, click Complete.
4 - Select the entrust.cer file that you created and click OK.
Step 5: Select the Entrust certificate for use with SSL Extender:
1 - Edit the gateway/cluster object and select Remote Access > SSL Clients.
2 - Select the new Entrust certificate in the drop-down list under the "The gateway authenticates with this certificate:" section and click OK.
3 - Push the policy to the gateway/cluster.
You have now installed an Entrust certificate on a Checkpoint VPN appliance.
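A pre-import check for the files used in Steps 1, 2 and 4, as an added example that is not part of the original Entrust article: using the openssl command-line tool, it confirms that the issued certificate chains to the root through the intermediate and carries the alternate name requested in Step 3. The function names, subjects, vpn.example.test and the throwaway CA chain are constructed for the demonstration; on real files, call verify_chain and san_has_dns with your downloaded root, intermediate and entrust.cer.

```shell
#!/bin/sh
# Added example, not from the Entrust article. Every name, subject and file
# below is constructed; the throwaway CA chain exists only so the checks run offline.

# verify_chain ROOT INTERMEDIATE CERT: succeeds only if CERT chains to ROOT
# through INTERMEDIATE (the files used in Steps 1, 2 and 4).
verify_chain() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1 | grep -q ': OK$'
}

# san_has_dns CERT FQDN: succeeds only if FQDN is an exact DNS alternate name
# in CERT (the alias FQDN entered in Step 3).
san_has_dns() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# new_key_csr PREFIX CN: constructed key pair and CSR for the demo chain.
new_key_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# make_demo_chain DIR: constructed root, intermediate and entrust.cer in DIR.
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    printf 'subjectAltName=DNS:vpn.example.test,email:admin@example.test\n' > "$d/leaf.ext"
    new_key_csr "$d/root" "Constructed Root"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
    new_key_csr "$d/inter" "Constructed Intermediate"
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
    new_key_csr "$d/leaf" "vpn.example.test"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 2 -extfile "$d/leaf.ext" -out "$d/entrust.cer" 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_demo_chain "$DEMO_DIR"
if verify_chain "$DEMO_DIR/root.pem" "$DEMO_DIR/inter.pem" "$DEMO_DIR/entrust.cer" &&
   san_has_dns "$DEMO_DIR/entrust.cer" vpn.example.test; then
    echo "chain and alternate name checks passed"
else
    echo "check failed: do not import"
fi
```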