To allow your users to access their resources using their handheld devices, make sure they can authenticate to the Gateway with client certificates.
In many organizations, the daily task of assigning and maintaining client certificates is done by a different department than the one that maintains the Security Gateways, for example, the computer help desk. You can create an administrator that is allowed to use SmartConsole to create client certificates, while restricting other permissions.
To configure client certificates, open SmartConsole and go to Security Policies > Access Control > Access Tools > Client Certificates.
To configure the Mobile Access policy, go to Manage & Settings > Blades > Mobile Access > Configure in SmartDashboard. The Client Certificates page in SmartConsole is a shortcut to the SmartDashboard Mobile Access tab, Client Certificates page.
Check Point Mobile Apps for mobile devices can use certificate-only authentication or two-factor authentication with client certificates and username/password. The certificate is signed by the internal CA of the Security Management Server that manages the Mobile Access Security Gateway.
Manage client certificates in Security Policies > Access Control > Access Tools > Client Certificates.
The page has two panes.
Note - If you use LDAP or AD, creation of client certificates does not change the LDAP or AD server. If you get an error message regarding LDAP/AD write access, ignore it and close the window to continue.
To create and distribute certificates with the client certificate wizard:
The Certificate Creation and Distribution wizard opens.
You can click Edit to view and change its details.
The Users page opens.
A progress window shows. If errors occur, an error report opens.
If the status of a certificate is Pending Enrollment, after you revoke it, the certificate does not show in the Client Certificate list.
To revoke one or more certificates:
After you revoke a certificate, it does not show in the Client Certificate list.
To create or edit an email template:
To edit a template: In the Email Templates for Certificate Distribution pane, double-click a template.
The Email Template opens.
For each link type, you select which elements will be added to the mail template:
You can select both QR Code and HTML link to include both in the email.
The text in Display Text is the text that shows on the link.
a. Certificate and Site Creation - For users who already have a Check Point app installed. When users scan the QR code or go to the link, it creates the site and registers the certificate.
b. Download Application - Direct users to download a Check Point App for their mobile devices.
Clone an email template to create a template that is similar to one that already exists.
To create a clone of an email template:
You can create an administrator that is allowed to use SmartConsole to create client certificates, and restrict other permissions.
To make an administrator for client certificates: