User Certificate Management
Internally managed User Certificates can be initialized, revoked or have their registrations removed using the ICA Management Tool. The ICA (Internal Certificate Authority) is a component on the Check Point Management Server that issues certificates for authentication. User Certificates of users managed on an LDAP server can only be managed using the ICA Management Tool.
This table shows User Certificate attributes that can be configured using the ICA Management Tool:

| Attributes | Default | Configurable | Comments |
|---|---|---|---|
| validity | 2 years | yes | |
| key size | 2048 bits | yes | Can be set to 4096 bits |
| DN of User certificates managed by the internal database | CN=user name, OU=users | no | This DN is appended to the DN of the ICA |
| DN of User certificates managed on an LDAP server | | yes | Depends on LDAP branch |
| KeyUsage | 5 | yes | Digital signature and Key encipherment |
| ExtendedKeyUsage | 0 (no KeyUsage) | yes | |
Modifying the Key Size for User Certificates
If the user completes the registration from the Remote Access machine, the key size can be configured in the Advanced Configuration page in SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on).
To configure the key size:
- From the , select Global Properties.
- Go to Advanced, and in the Advanced Configuration section, click configure.
  The Advanced Configuration window opens.
- Go to the Certificates and PKI properties page.
- Set the new key size for this property: user_certs_key_size.
- Click OK.

You can also change the key size using the Database Tool (GuiDBEdit Tool) (see sk13009). Change the key size as it is listed in the users_certs_key_size Global Property. The new value is downloaded when you update the site.
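
To confirm that a user certificate issued after the change carries the expected attributes from the table above, it can be inspected with the openssl command line. The script below is an added example, not part of the Check Point documentation or tooling: the function names, file paths and the sample DN are hypothetical, and it assumes the user certificate is available as a PEM file. The sample certificate is a constructed, self-signed stand-in for an ICA-issued one.

```sh
# Added example, not Check Point code. Function names, paths and the sample
# DN are hypothetical; requires the openssl CLI (1.1.1 or later for -addext).

# Print the public key size in bits ("RSA Public-Key:" or "Public-Key:").
cert_key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Print the X509v3 Key Usage values (the line after the extension header).
cert_key_usage() {
  openssl x509 -in "$1" -noout -text |
    sed -n '/X509v3 Key Usage/{n;s/^ *//;p;}'
}

# $1 = PEM certificate, $2 = minimum key size in bits. Returns 0 on a full match.
check_user_cert() {
  rc=0
  bits=$(cert_key_bits "$1")
  usage=$(cert_key_usage "$1")
  subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
  if [ -z "$bits" ] || [ "$bits" -lt "$2" ]; then
    echo "FAIL key size: ${bits:-unknown} bits, expected at least $2"; rc=1
  fi
  for want in "Digital Signature" "Key Encipherment"; do
    case $usage in
      *"$want"*) ;;
      *) echo "FAIL KeyUsage lacks: $want"; rc=1 ;;
    esac
  done
  # Internally managed users only: the DN contains OU=users (see the table).
  case $subject in
    *OU=users*) ;;
    *) echo "FAIL subject lacks OU=users: $subject"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed test input: a self-signed stand-in for an ICA-issued user certificate.
make_sample_cert() {
  openssl req -x509 -newkey "rsa:$2" -nodes -keyout "$1.key" -out "$1" \
    -days 730 -subj "/O=example-ica/OU=users/CN=alice" \
    -addext "keyUsage=critical,digitalSignature,keyEncipherment" 2>/dev/null
  rm -f "$1.key"
}

# Demo: a 2048-bit certificate checked against a 4096-bit requirement.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/user.pem" 2048
check_user_cert "$demo_dir/user.pem" 4096 || echo "certificate does not meet the 4096-bit setting"
rm -rf "$demo_dir"
```

For users managed on an LDAP server, the OU=users check does not apply, because their DN depends on the LDAP branch.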