Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2018-01-24 16:25:43.0

Certificate Signing Request (CSR) Help: CheckPoint

Article Number: 46526

User-added image
Certificate Signing Request (CSR) Help
CheckPoint

Before you begin...

  • Never share private keys files. 
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
  • For more information on SSL/TLS Best Practices, click here.

How to generate a CSR using CheckPoint appliance:

Before generating a CSR you will need to install the Root and Intermediate certificates into the Trusted CAs and Subordinate CAs.

This is a three step process:
1) Installing the Entrust Root certificate
2) Installing the Intermediate certificates
3) Creating the CSR

Part 1 of 3: Installing the Entrust Root Certificate

1. Open SmartDashboard and select the Servers and OPSEC tab. Right click on Trusted CAs, select New CA and click on “Trusted…”

 

2. The Certificate Authority Properties window will appear. In the General tab, give the Root certificate a name such as “Entrust_Root”. The comment section is not mandatory but can be used to provide more information about the certificate.

3. Select the OPSEC PKI tab and click on the “Get” button. This will allow you to select the Entrust Root certificate

4. Locate the Entrust Root certificate commonly named Root.crt and click on Open.

5. The Certificate Authority Certificate View window will appear. Details of the Root certificate will be displayed in the message box. Click OK to accept this certificate as a Certificate Authority.

6. You will then return to the Certificate Authority Properties window in the OPSEC PKI tab. Make sure “HTTP Server(s)” is checked and click OK.

7. The Entrust_Root CA will now be listed under Trusted CAs.

Part 2 of 3: Installing the Intermediate Certificates

1. Open SmartDashboard and select the Servers and OPSEC tab. Right click on Trusted CAs, select New CA and click on “Subordinate...”

2. The Certificate Authority Properties window will appear.  Enter a name for the Entrust Intermediate and a comment if necessary.

User-added image

3. Click on the OPSEC PKI tab and click the Get button.

4. Next you will need to select the Entrust Intermediate file Intermediate.crt. Click Open button once you’ve selected the file.

User-added image

 

5. The Certificate Authority Certificate View window will appear. Details of the Intermediate certificate will be displayed in the message box. Click OK to accept this certificate as a Certificate Authority Certificate.

User-added image

 

6. The Entrust_Intermediate will now appear under Subordinate CAs.

User-added image

 

You should now have all the required certificates installed in your SmartDashboard. The image below shows the Entrust Root and Intermediate installed.

User-added image

Part 3 of 3: Creating the CSR

1. Double click or right click and select “Edit…” on the Network object where the certificate will be installed.

 

2. The Network object’s properties window appears. Click on IPSec VPN under General Properties from the left hand column and click on “Add…”

 

3. The Certificates Properties window will appear. Enter a nickname for the certificate such as “Entrust”. For the “CA to enroll from” field you must select the “Entrust_Intermediate”. The SSL certificate generated will be issued off the Entrust L1K, Intermediate.  Click “Generate” when done.

User-added image

 

4.  The informational window regarding generating a certificate for the node will appear. Click “Yes” to continue.

 

5. Generate Certificate Request window will appear. Enter the DN of the of the certificate in a format similar to this: CN=sslvpn.domain.com,O=Company Inc,L=City,ST=State,C=US

 

6. If you require Subject Alternate Names (SANs) in the certificate you will need to click on the “Define Alternate Names”. Click on “Add” and include the necessary SAN names. Adding SAN’s to a certificate can also be achieved in the Entrust Cloud Services Portal.

 

7. Click OK and the Certificate Request will be completed.

 

8. You will then return to the Gateway properties window. Select the Entrust certificate request you have just created in the list of Repository of Certificates Available and click “View…”

 

9. The Certificate Request View window will appear. You can copy the CSR by clicking on the “Copy to Clipboard” button or “Save to File…” to save the CSR to a file.



You have now completed the Certificate Signing Request on your CheckPoint appliance. Paste the CSR in the Entrust portal or the order to create the certificate.
 

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call. 

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

 

 

TN9042