1. Situation

When submitting CSR to Symantec Verisign, it shows the CSR is not generated with a 2048 bit key. But from the place where to generate CSR in Checkpoint Smart Dashboard gateway properties window, there is no option to change 1024 bit key to 2048 bit or higher.

3-25-2014+9-47-43+AM.jpg?resize=640%2C440&ssl=13-25-2014+9-47-43+AM.jpg?resize=640%2C440&ssl=1

2. Research

It seems Checkpoint gateway is still using 1024 bit key. Checkpoint SK44961 has a solution for this.

3. Solutions

By default, when generating a CSR for 3rd party certificate use, the CSR is 1024bit. Some certificate vendors require 2048bit.
To change the default size of the CSR when generating it through the security gateway object:
  1. Open the SmartDashboard.
  2. Go to Policy -> Global Properties -> SmartDashboard Customization.
  3. Click ‘Configure’.
  4. In the opened Advanced Configuration view go to ‘Certificates and PKI properties’.
  5. Edit the “host_certs_key_size” property accordingly.
  6. Save and install the Security policy.
4-3-2014+2-09-31+PM.jpg?resize=576%2C640&ssl=14-3-2014+2-09-31+PM.jpg?resize=576%2C640&ssl=1

4. Verify

4-3-2014+2-09-31+PM.jpg?resize=640%2C602&ssl=14-3-2014+2-09-31+PM.jpg?resize=640%2C602&ssl=1