SSL Certificate Installation on a Checkpoint VPN

If you have not yet added a root and intermediate certificate, created a Certificate Signing Request (CSR), and ordered your certificate, see
CSR Creation for a Checkpoint VPN Appliance.

Installing the Certificate to the Checkpoint device

  1. Open the Device you are going to have the SSL Certificate served from, then go to IPSec VPN click Complete, then find your_domain_com.crt then click Ok.

    IPSEC VPN Complete Certificate Request

  2. If you are allowing Clientless VPN login, click that option then select the certificate for this specific gateway (cert nickname).

    Clientless VPN SSL Certificate Selection

  3. To allow VPN Client login, click that option under IPSEC VPN, then choose 'SSL Network extender' and, select the certificate by it's nickname and click 'Ok'.

    VPN Clients select SSL Certificate for Gateway Authentication

    4. Push this policy to devices and clients

  4. Click the Install policies button (next to green checkmark button above the 'Anti-spam & Mail' tab, and see image below)

    Screenshot showing Install Policies button

  5. Select which Installation Targets the certificate will be sent to.
    You can choose to install this certificate on each gateway, by clicking the radio button, and as a safeguard you can click the box to not install it all if it fails.
    To help you track database changes, you can click the checkmark and name the database change and leave a comment about it.

    Choose installation targets and comment the database change

    This will reset the settings and push the new policy out to clients.

Related Links

SSL Certificate

SSL Support