cpca_client set_ca_services

Description

This command enables and disables the Certificate Authority Services Portal on the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. on the TCP port 18268.

From this portal, you can download the applicable Internal Certificate Authority certificates.

For trust purposes, you can install this certificate on the applicable Security Gateways, externally managed Site to Site VPN peer gateways, Remote Access VPN clients, clients that use Clientless VPN, and so on.

Note - In R81.10, the TCP port 18264 on the Management Server is available only for the retrieval of the CRL (Certificate Revocation List).

Syntax

cpca_client set_ca_services {on | off}

Parameters

Parameter

Description

on

Enables the Certificate Authority Services Portal

off

Disables the Certificate Authority Services Portal

Procedure for a Security Management Server

  1. Connect to the command line on the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

  2. Log in to the Expert mode.

  3. Enable the Certificate Authority Services Portal:

    cpca_client set_ca_services on

  4. With a web browser, connect to:

    http://<IP Address of Security Management Server>:18268

  5. Download the required certificate.

  6. Install this certificate on the applicable computers.

  1. Connect to the command line on the Security Management Server.

  2. Log in to the Expert mode.

  3. Disable the Certificate Authority Services Portal:

    cpca_client set_ca_services off

Procedure for a Domain Management Server

  1. Connect to the command line on the Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS..

  2. Log in to the Expert mode.

  3. Go to the context of the Domain Management Server:

    mdsenv <IP Address or Name of Domain Management Server>

  4. Enable the Certificate Authority Services Portal:

    cpca_client set_ca_services on

  5. With a web browser, connect to:

    http://<IP Address of Domain Management Server>:18268

  6. Download the required certificate.

  7. Install this certificate on the applicable computers.

  1. Connect to the command line on the Multi-Domain Server.

  2. Log in to the Expert mode.

  3. Go to the context of the Domain Management Server:

    mdsenv <IP Address or Name of Domain Management Server>

  4. Disable the Certificate Authority Services Portal:

    cpca_client set_ca_services off