How to set an alternative certificate for the SandBlast Threat Prevention API functionality
||R77.30 (EOL), R80 (EOL), R80.20 (EOL), R80.30 (EOL)
- This feature lets the user set an alternative (non Check Point) certificate for the SandBlast Threat Prevention API functionality.
- The feature lets the user replace the certificate on the Gateway that is used for the API calls (for example: https://:18194/tecloud/api/v1/file/upload).
- This feature currently supports a pfx certificate without an export password.
- This feature is supported starting in Threat Emulation Engine Update 9.1 (refer to sk95235 for more information).
How to use this feature
- Generate a pfx certificate (pkcs#12) without an export password and upload it to the Gateway.
- Enable the feature by running: 'tecli adv server_cert set enable 1'
- Set the new certificate path by running: 'tecli adv server_cert set path <certificate path>'
- Restart the TED process by running: 'fw kill ted'
- Check that the Server has initialized successfully (RemoteGWServerManager in TE logs).
- Check that the API functionality remains intact.
- Check that the new alternative certificate is the one that is used by the Gateway server.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.