External Pki Certificates For Client-Server Communication; Importing External Pki Certificates - Check Point HARMONY R81 Administration Manual

External PKI Certificates for Client-Server
Communication
By default, Check Point servers and clients use certificates signed by the internal Check Point
Certificate Authority (CA) for client-server communication, authentication, and data encryption.
You can overwrite the default certificates with certificates generated by an external CA.
These types of certificates are supported, in .p12, .pem, and .crt formats:
n CA - Public certificate that is used to validate other certificates issued by the same CA. It
is installed on clients using Push Operations.
n SSL - Certificate for the Apache server component of each server for SSL
communication.
n Remote Help - Full Disk Encryption that is installed on the client uses this certificate to
work with the Remote Help server for password recovery.
n Unlock on LAN - Full Disk Encryption that is installed on the client uses this certificate for
authentication with the Unlock on LAN feature.
Import certificates and install them on servers and clients, as necessary.

Importing External PKI Certificates

The import procedure is the same for all types of external certificates.
SSL certificates must contain a server DN. If they contain a DN for a server which does not
exist, a warning shows. The user can choose to proceed.
To import an external certificate:
1. Open SmartEndpoint.
2. From the Menu, go to Manage > Certificate Management.
The Endpoint Security Management window opens.
3. Click Import.
The Import Certificate Wizard opens.
4. On the Import Certificate page:

External PKI Certificates for Client-Server Communication

R81 Harmony Endpoint Server Administration Guide | 30