Client Certificates for Smartphones and Tablets

1. In SmartConsole, select Security Policies > Access Control > Access Tools > Client Certificates.

2. In the Client Certificates pane, click New.

   The Certificate Creation and Distribution wizard opens.

3. In the Certificate Distribution page, select how to distribute the enrollment keys to users. You can select one or both options.

   1. Send an email containing the enrollment keys using the selected email template -Each user gets an email, based on the template you choose, that contains an enrollment key.

      • Template - Select the email template that is used.

      • Site - Select the Security Gateway, to which users connect.

      • Mail Server - Select the mail server that sends the emails.

      You can click Edit to view and change its details.

   2. Generate a file that contains all of the enrollment keys - Generate a file for your records that contains a list of all users and their enrollment keys.

4. Optional: To change the expiration date of the enrollment key, edit the number of days in Users must enroll within x days.

5. Optional: Add a comment that will show next to the certificate in the certificate list on the Client Certificates page.

6. Click Next.

   The Users page opens.

7. Click Add to add the users or groups that require certificates.

   • Type text in the search field to search for a user or group.

   • Select a type of group to narrow your search.

8. When all included users or groups show in the list, click Generate to create the certificates and send the emails.

9. If more than 10 certificates are being generated, click Yes to confirm that you want to continue.

   A progress window shows. If errors occur, an error report opens.

10. Click Finish.

11. Click Save.

12. In SmartConsole, install the Policy.

1. Select the certificate or certificates from the Client Certificate list.

2. Click Revoke.

3. Click OK.

After you revoke a certificate, it does not show in the Client Certificate list.

1. In SmartConsole, select Security Policies > Access Control > Access Tools > Client Certificates.

2. To create a new template: In the Email Templates for Certificate Distribution pane, select New.

   To edit a template: In the Email Templates for Certificate Distribution pane, double-click a template.

   The Email Template opens.

3. Enter a Name for the template.

4. Optional: Enter a Comment. Comments show in the Mail Template list on the Client Certificates page.

5. Optional: Click Languages to change the language of the email.

6. Enter a Subject for the email. Click Insert Field to add a predefined field, such as a Username.

7. In the message body add and format text. Click Insert Field to add a predefined field, such as Username, Registration Key, or Expiration Date.

8. Click inside the E-mail Template body.

9. Click Insert Link and select the type of link to add (link or QR code).

   • Site and Certificate Creation

     For users who already have a Check Point app installed.

     When users scan the QR code or go to the link, it creates the site and registers the certificate.

     Select the client type that will connect to the site- Select one client type that users will have installed:

     • Capsule Workspace - An app that creates a secure container on the mobile device to give users access to internal websites, file shares, and Exchange servers.

     • Capsule Connect/VPN - A full Layer 3 tunnel app that gives users network access to all mobile applications.

   • Download Application

     Direct users to download a Check Point App for their mobile devices.

     Select the client device operating system:

     • iOS

     • Android

     Select the client type that will connect to the site- Select one client type that users will have installed:

     • Capsule Workspace - An app that creates a secure container on the mobile device to give users access to internal websites, file shares, and Exchange servers.

     • Capsule Connect/VPN - A full Layer 3 tunnel app that gives users network access to all mobile applications.

   • Custom URL

     Lets you configure your own URL.

   For each link type, you can select which elements are added to the mail template

   • Link URL - Enter the full link address.

   • QR Code - When enabled, users scan the code with their mobile devices.

   • HTML Link - When enabled, users tap the link on their mobile devices.

     You can select both QR Code and HTML Link to include both in the email.

   • Display Text - Enter the text for the link title.

10. Click OK.

11. Optional: Click Preview in Browser to see a preview of how the email will look.

12. Click OK.

13. Publish the changes

1. Select a template from the template list in the Client Certificates page.

2. Click Clone.

3. A new copy of the selected template opens for you to edit.

1. Define an administrator (see Managing Administrator Accounts).

2. Create a customized profile for the administrator, with permission to handle client certificates. Configure this in the Others page of the Administrator Profile. Restrict other permissions (seeAssigning Permission Profiles to Administrators).