From January 01, 2023, TOS R21-3 Classic is EOL. Technical support will be available for a limited period to customers with Extended Support agreements.
Create a client certificate for log_exporter on the Check Point server
This procedure is similar to the procedure for generating a server certificate.
- To create a private key for the client, run:
openssl genrsa -out client.key 2048
- To create a Certificate Signing Request (CSR), run:
openssl req -new -key client.key -out client.csr
  - Common Name attribute: Provide the (CMA/Domain) IP address or resolvable host name of the client.
  - All other attributes: Enter a period (.) to leave all other attributes blank.
  - Challenge password []: <leave empty>
    Do not use a period (.) for this value.
- To use the root CA to sign the CSR, run:
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 2 -out client.crt
- To verify the validity of the certificate, run:
openssl x509 -noout -text -in client.crt
- To verify the signature, run:
openssl verify -CAfile ca.crt client.crt
- To convert the certificate to .p12 format, run:
openssl pkcs12 -inkey client.key -in client.crt -export -out client.p12
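The steps above can be run without prompts and then checked end to end. This is an added example, not Tufin or Check Point code: it confirms that the certificate chains to the CA, matches client.key, carries the requested Common Name, and is the certificate inside client.p12. Assumptions: the function names, the host name passed as CN, the throwaway CA, and the exported P12_PASS variable are constructed for illustration; -subj and -passout stand in for the interactive prompts.

```sh
#!/bin/sh
# Added example, not vendor code. CN, password and test CA are constructed.

# Stand-in for the ca.crt/ca.key produced by the server-certificate procedure.
make_test_ca() {
    ( cd "$1" && openssl genrsa -out ca.key 2048 2>/dev/null &&
      openssl req -x509 -new -key ca.key -subj "/CN=Constructed Test CA" \
          -days 1 -out ca.crt )
}

# issue_client_cert DIR CN: the page's steps without prompts.
# Needs DIR/ca.crt, DIR/ca.key and an exported P12_PASS (export password).
issue_client_cert() {
    ( cd "$1" && umask 077 &&      # keep client.key and client.p12 private
      openssl genrsa -out client.key 2048 2>/dev/null &&
      # -subj sets only the Common Name; every other attribute stays blank
      openssl req -new -key client.key -subj "/CN=$2" -out client.csr &&
      openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.crt \
          -CAkey ca.key -set_serial 2 -out client.crt 2>/dev/null &&
      openssl pkcs12 -inkey client.key -in client.crt -export \
          -passout env:P12_PASS -out client.p12 )
}

# check_client_cert DIR CN: 0 = all good, 1 = chain, 2 = key mismatch,
# 3 = wrong CN, 4 = .p12 does not carry client.crt.
check_client_cert() {
    ( cd "$1" || exit 1
      openssl verify -CAfile ca.crt client.crt >/dev/null 2>&1 || exit 1
      # Public key in the certificate must equal the one derived from the key
      crt_pub=$(openssl x509 -in client.crt -noout -pubkey | openssl sha256)
      key_pub=$(openssl pkey -in client.key -pubout | openssl sha256)
      [ "$crt_pub" = "$key_pub" ] || exit 2
      subj=$(openssl x509 -in client.crt -noout -subject -nameopt RFC2253)
      [ "${subj#subject=}" = "CN=$2" ] || exit 3
      # The bundle must open with the password and hold the same certificate
      want=$(openssl x509 -in client.crt -noout -fingerprint -sha256)
      got=$(openssl pkcs12 -in client.p12 -passin env:P12_PASS -nokeys \
            -clcerts 2>/dev/null | openssl x509 -noout -fingerprint -sha256)
      [ "$want" = "$got" ] || exit 4 )
}
```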