How to Connect with SSL Network Extender using a Certificate

Similar documents
How To Configure OCSP

How To Import New Client MSI Files and Upgrade Profiles

Endpoint Security webrh

Check Point Mobile VPN for ios

How to Configure ClusterXL for L2 Link Aggregation

SecuRemote for Windows 32-bit/64-bit

How To Troubleshoot VPN Issues in Site to Site

SmartWorkflow R Administration Guide. 29 May Classification: [Restricted]

Remote Access Clients for Windows 32/64-bit

How To Configure and Tune CoreXL on SecurePlatform

How To Configure IPSO as a DHCP Server

Check Point GO R75. Release Notes. 21 December Classification: [Public]

How To Install SecurePlatform with PXE

Endpoint Security. E80.30 Localized Version. Release Notes

Data Loss Prevention. R75.40 Hotfix. Getting Started Guide. 3 May Classification: [Protected]

R Release Notes. 6 March Classification: [Protected] [Restricted] ONLY for designated groups and individuals

Security Gateway for OpenStack

Endpoint Security webrh

Security Gateway Virtual Edition

How To Install IPSO 6.2

Security Gateway Virtual Edition

Endpoint Security Release Notes

VSEC FOR OPENSTACK R80.10

VPN-1 Power VSX VSX NGX R65 HFA 10. Release Notes

Data Loss Prevention R71. Release Notes

Remote Access Clients for Windows 32-bit/64-bit

Security Acceleration Module

Check Point Document Security

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Check Point GO R75. User Guide. 14 November Classification: [Public]

How to Set Up External CA VPN Certificates

Security Gateway 80 R Administration Guide

Endpoint Security Client

Symantec Managed PKI. Integration Guide for ActiveSync

Remote Access Clients for Windows 32-bit/64-bit

Using SSL to Secure Client/Server Connections

AAD - ASSET AND ANOMALY DETECTION DATASHEET

Nimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]

VMware AirWatch Integration with SecureAuth PKI Guide

CertAgent. Certificate Authority Guide

Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7

R Release Notes. 18 August Classification: [Public]

Configuring Remote Access using the RDS Gateway

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

CertAgent. Certificate Authority Guide

VMware AirWatch Integration with RSA PKI Guide

Using Microsoft Certificates with HP-UX IPSec A.03.00

Blue Coat Security First Steps Solution for Controlling HTTPS

Quality of Service R75.40VS. Administration Guide. 15 July Classification: [Protected]

Check Point IPS R75. Administration Guide

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Managing Certificates

NetApp SolidFire Element OS. Setup Guide. Version March _A0

Configuring the VPN Client 3.x to Get a Digital Certificate

Assureon Installation Guide Client Certificates. for Version 6.4

SPNEGO SINGLE SIGN-ON USING SECURE LOGIN SERVER X.509 CLIENT CERTIFICATES

Special Hotfix for R75.40VS

Describe CVS Tutorial

Partner Information. Integration Overview Authentication Methods Supported

Connectra Virtual Appliance Evaluation Guide

PKI Configuration Examples

This PDF Document was generated for free by the Aloaha PDF Suite If you want to learn how to make your own PDF Documents visit:

Cluster and SVM Peering Express Guide

Security Management Server. Administration Guide Version R70

Novatel Wireless SA-2100 Edge MicroServer Installation and Setup Guide. Version [1.0]

Nimsoft Monitor Server

SAP Business One Integration Framework

VMware Workspace ONE UEM VMware AirWatch Cloud Connector

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

IPS R Administration Guide

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

How to Configure SSL Interception in the Firewall

ActivIdentity ActivID Card Management System and Juniper Secure Access. Integration Handbook

SmartView Monitor R75. Administration Guide

Eventia Analyzer. Administration Guide Version R70. March 8, 2009

AirWatch Mobile Device Management

3. In the upper left hand corner, click the Barracuda logo ( ) then click Settings 4. Select the check box for SPoE as default.

IPS Event Analysis R Administration Guide

Using SSL/TLS with Active Directory / LDAP

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

Configuring Certificate Authorities and Digital Certificates

vcloud Director Administrator's Guide

Installing and Configuring vcenter Multi-Hypervisor Manager

Installation and Upgrade Guide

Configuring Embedded LDAP Authentication

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.

Send documentation comments to

Public Key Enabling Oracle Weblogic Server

Practical Network Defense Labs

Enterprise Vault Requesting and Applying an SSL Certificate and later

Performance Pack. Administration Guide Version R70. March 8, 2009

Novell Access Manager

Module 3 Remote Desktop Gateway Estimated Time: 90 minutes

Alliance Key Manager AKM for AWS Quick Start Guide. Software version: Documentation version:

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

Cleo A+ for Windows Installation Guide November 2001

Cleo Streem Fax User Guide. Version 7.3

Transcription:

How to Connect with SSL Network Extender using a Certificate 29 August 2011

2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?id=12512 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). Revision History Date Description 29 August 2011 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on How to Connect with SSL Network Extender using a Certificate ).

Contents Important Information... 3 How to Connect with SSL Network Extender using a Certificate... 5 Objective... 5 Supported OS... 5 Supported Versions... 5 Before You Start... 5 Related Documentation and Assumed Knowledge... 5 Connecting with SSL Network Extender using a Certificate... 6 Index... 17

Objective How to Connect with SSL Network Extender using a Certificate Objective This document shows how to connect with SSL Network Extender using a third party user certificate. Supported OS Windows 7 32-bit and 64-bit Windows XP Supported Versions Security Gateway R70 and higher Before You Start Related Documentation and Assumed Knowledge VPN Admin Guide sk37782 (https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&sol utionid=sk37782&js_peid=p-114a7bc3b09-10006&partition=advanced&product=security) SNX users fail to authenticate using certificates sk33319 SNX access with CA authentication fails How-to-configure-3-level-CA-on-Win2k8.doc Certificate Authority structure overview: Microsoft Active Directory: mycorp.cp Root CA: RootCA Subordinate CA: policyca How to Connect with SSL Network Extender using a Certificate Page 5

Subor dinate C A: issuer Related Documentation and Assumed Knowledge Connecting with SSL Network Extender using a Certificate Get Root Certificate 1. In the Active Directory Certificate Services - policyca Welcome window, under Select a task, select Download a CA certificate, certificate chain, or URL. 2. In the Active Directory Certificate Services - RootCA Download a CA Certificate, Certificate Chain, or CRL window, under Encoding method, select Download CA certificate. Connecting with SSL Network Extender using a Certificate Page 6

Related Documentation and Assumed Knowledge Get First Subordinate CA Certificate 1. In Active Directory Services - policyca Welcome window, under Select a task, select Download a CA certificate, certificate chain, or CRL. 2. In Active Directory Certificate Services - policyca Download a CA Certificate, Certificate Chain, or CRL window, under Encoding method, select Download CA certificate chain. 3. Get a second subordinate CA certificate as in step 2. Add CA to SmartCenter 1. Open SmartDashboard. 2. In Servers and OPSEC applications, expand Trusted CAs, right-click Trusted CAs > New CA > Trusted. Connecting with SSL Network Extender using a Certificate Page 7

Related Documentation and Assumed Knowledge 3. In the Certificate Authority Properties - RootCA window, in the OPSEC PKI tab, under Certificate, click GET and under Retrieve CRL From, select HTTP Server(s). 4. Select the root certificate that was created earlier. 5. Create another Trusted CA object and import a certificate from the first subordinate CA. 6. Create another Trusted CA object and import a certificate from the second subordinate CA. Connecting with SSL Network Extender using a Certificate Page 8

Related Documentation and Assumed Knowledge Generate a Gateway Certificate 1. Open the gateway/gateway cluster object. 2. In IPSec VPN, click Add. In the Certificate Properties window that opens, select the last subordinate CA. 3. Click Generate. 4. In the Generate Certificate Request window, enter the DN. 5. In the gateway, click View. Connecting with SSL Network Extender using a Certificate Page 9

6. In the Certificate Request View window, click Copy to Clipboard. Related Documentation and Assumed Knowledge 7. In the Active Directory Certificate Services - issuer Welcome window, under Select a task, select Request a Certificate. 8. In the Request a Certificate window, select advanced certificate request. 9. In the Submit a certificate Request window, in the Saved Request field, paste the data from the Certificate Request View, which you copied to clipboard and click Submit. Connecting with SSL Network Extender using a Certificate Page 10

Related Documentation and Assumed Knowledge 10. In the Active Directory Certificate Services - MSCA-ROOT-CA Certificate Issued window, select Download certificate chain. 11. In the gateway/gateway cluster IPSec VPN, import the p7b certificate to the gateway/gateway cluster, select it and click Complete. 12. In VPN clients, make sure SSL Network Extender is selected. 13. Make sure Office Mode is configured according to VPN Admin Guide. Issue User Certificate 1. Connect to Issuer CA website, http://mycorp.cp/certsrv (http://mycorp.cp/certsrv). Enter User name and Password when prompted. Connecting with SSL Network Extender using a Certificate Page 11

Related Documentation and Assumed Knowledge 2. In the Active Certificate Services - issuer Welcome window, select Request a certificate. 3. In the Request a Certificate window, select User Certificate. Connecting with SSL Network Extender using a Certificate Page 12

4. In the User Certificate - Identifying Information window, click Submit. Related Documentation and Assumed Knowledge 5. In the Certificate Issued window, click Install this certificate. Connecting with SSL Network Extender using a Certificate Page 13

Related Documentation and Assumed Knowledge 6. In Windows Certificates window, Personal folder, Certificates sub folder, select the certificate. 7. In the General tab, make sure it states You have a private key that corresponds to this certificate. Connecting with SSL Network Extender using a Certificate Page 14

Related Documentation and Assumed Knowledge 8. In the Certification Path tab, view the certificate and make sure the status is This certificate is OK. Connecting with SSL Network Extender using a Certificate Page 15

Related Documentation and Assumed Knowledge 9. Connect to SSL Network Extender. Select the certificate when prompted and click OK. Connecting with SSL Network Extender using a Certificate Page 16

Index B Before You Start 5 C Connecting with SSL Network Extender using a Certificate 6 H How to Connect with SSL Network Extender using a Certificate 5 I Important Information 3 O Objective 5 R Related Documentation and Assumed Knowledge 5 S Supported OS 5 Supported Versions 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback