Installing a Third Party SSL Certificate with Check Point Firewall

1.Log in to SmartDashboard.  

2.  From the Servers and OPSEC Applications tab > Servers > Trusted CAs, select New CA > Trusted to add the top level root CA first. 

3.  Add the appropriate label in the Name field and select OPSEC PKI as the Certificate Authority type. 

4.  Select the OPSEC PKI tab. In the "Retrieve CRL From" section, make sure that only "HTTP Server(s)" is selected, and then inside the "Certificate" section, click Get to insert the root CA certificate. 

5.  Browse to where you saved the root certificate. Check Point supports DER or PEM encoded certificates. Select the Root Certificate only, not a chain. They can have a .crt, .cer or similar extension. 

6. Click Open. A view of the imported certificate appears

7.  Verify the serial number or thumbprint and click OK to Accept the CA certificate

8.The Root CA object appears as shown. 

Installing an Intermediate CA


·  If you are using a third party like Verisign that uses an Intermediate CA, then you must install that Intermediate CA as described in this section. If not, continue to the Obtaining a Certificate from a Third Party Certificate Authority section. Verisign has 16 different Intermediate CA certificates that are available, see: 

·  It is always recommended to talk with your third party CA to ensure that you have the correct CA. 

1.  Create an Intermediate CA object. From the Servers and OPSEC applications tab > Servers > Trusted CAs > New CA, select Trusted. 

2.  Add the appropriate label for the Intermediate CA in the Name field

3.  Select the OPSEC PKI tab and click Get to obtain the Intermediate CA certificate 

4.  Browse to where you have saved the Intermediate root certificate, same as before. Select the Policy Certificate only, not a chain.

5.  Click Open. A view of the imported certificate appears. 

6.  Click OK to save the CA object. You should now see Root CA and Intermediate CA objects.