[VPN] One certificate by Checkpoint SecureClient

Jean-Francois Dive jef at linuxbe.org
Fri Jan 21 03:45:22 EST 2005


Why not simply use openssl as a CA? Generate offline enrollment requests,
have them signed by the CA, import the CA cert and the signed cert,
configure the thing to authorize based on that cert chain, and there you go. Free,
easy, it just lacks a GUI, but...
CA.pl -newca, CA.pl -sign is quite straightforward to use. You just need a
*nix box or a port on win32.

I really don't know Checkpoint, really too proprietary for my taste.

J.

On Thu, Jan 20, 2005 at 10:52:41AM +0100, Guez wrote:
> Hello
>
> I am working in a society that has some different sites with Checkpoint
> FW-1/VPN-1 installed. In addition, I have some persons who must
> connect by SecureClient to these different sites. I am using the internal CA
> of Checkpoint to create the certificates. Therefore, these persons have one
> certificate for each connection to these sites. What I want to do is to
> have one certificate per nomad person which permits them to connect to all
> these sites.
>
> So I need the same CA on each Checkpoint module.
>
> I tried to export an internal CA from one Checkpoint module to another one and
> add it as an OPSEC PKI. However, after I generate the certificate request for
> my gateway, I don't know how to have this one signed by my first Checkpoint module,
> which delivered the internal CA.
>
> If you have any ideas of how I can do this.
>
> Thank you for your help!
>
> David
>
> PS: Sorry for my English, but I am French.


-- 
--

-> Jean-Francois Dive
--> jef at linuxbe.org

  I think that God in creating Man somewhat overestimated his ability.
    -- Oscar Wilde
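
The workflow suggested in the reply above, as an added example that is not part of the original message: one offline OpenSSL CA signs a certificate for each site gateway and a single certificate for the roaming user, and every certificate is checked against the one CA certificate that each gateway would import. It uses `openssl req` and `openssl x509 -req` directly rather than the `CA.pl` wrapper; the names `demo-ca`, `gw-site1`, `gw-site2` and `roaming-user` are constructed, and the Check Point import step is not shown.

```shell
#!/bin/sh
# Added example: a single offline CA for several gateways and one roaming user.
# All subject names and file names are constructed for illustration.

make_ca() {     # $1 = CA directory; ca.key never leaves this directory
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_csr() {    # $1 = dir, $2 = name; the requester keeps $2.key, only $2.csr goes to the CA
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign_csr() {    # $1 = dir, $2 = name; the CA signs the offline request
    openssl x509 -req -sha256 -days 365 -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

verify_cert() { # $1 = CA certificate, $2 = certificate to check against it
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {        # one CA, two site gateways, one roaming user
    d=$(mktemp -d) && make_ca "$d" || return 1
    for name in gw-site1 gw-site2 roaming-user; do
        make_csr "$d" "$name" && sign_csr "$d" "$name" &&
            verify_cert "$d/ca.crt" "$d/$name.crt" || { rm -rf "$d"; return 1; }
        echo "$name: chains to the shared CA"
    done
    rm -rf "$d"
}

demo
```

Only `ca.crt` is distributed to the gateways; a certificate issued by a different CA, even one with the same subject name, fails `verify_cert`.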