Installing A Certificate - Check Point UTM-1 Edge User Manual

Installing a Certificate

Installing a Certificate

A digital certificate is a secure means of authenticating the UTM-1 appliance to other Site-
to-Site VPN Gateways. The certificate is issued by the Certificate Authority (CA) to
entities such as gateways, users, or computers. The entity then uses the certificate to
identify itself and provide verifiable information.
For instance, the certificate includes the Distinguished Name (DN) (identifying
information) of the entity, as well as the public key (information about itself). After two
entities exchange and validate each other's certificates, they can begin encrypting
information between themselves using the public keys in the certificates.
The certificate also includes a fingerprint, a unique text used to identify the certificate. You
can email your certificate's fingerprint to the remote user. Upon connecting to the UTM-1
VPN Server for the first time, the entity should check that the VPN peer's fingerprint
displayed in the SecuRemote/SecureClient VPN Client is identical to the fingerprint
received.
The UTM-1 appliance supports certificates encoded in the PKCS#12 (Personal
Information Exchange Syntax Standard) format, and enables you to install such certificates
in the following ways:
•
By generating a self-signed certificate.
See Generating a Self-Signed Certificate on page 529.
•
By importing a certificate.
The PKCS#12 file you import must have a ".p12" file extension. If you do not have
such a PKCS#12 file, obtain one from your network security administrator.
See Importing a Certificate on page 533.
Note: To use certificates authentication, each UTM-1 appliance should have a
unique certificate. Do not use the same certificate for more than one gateway.
Note: When the firewall is managed by SmartCenter, it automatically downloads a
certificate from SmartCenter, and therefore there is no need to install one.
528 Check Point UTM-1 Edge User Guide