Verifying whether Checkpoint is using a SHA-1 or SHA-256 certificate


This article applies to:

  • SIEM
  • Checkpoint firewalls

Question:

How can I verify whether Checkpoint is using a SHA-1 or SHA-256 certificate?


Procedure:

The current version of the OPSEC SDK only supports certificates generated with SHA-1. If the Checkpoint device is using a SHA-256 certificate, SIEM will not be able to retrieve logs.

To verify whether Checkpoint is using SHA-1 or SHA-256, run the following command in the Checkpoint command line interface:

grep ":signature_hash" $FWDIR/conf/InternalCA.C

  • If the command returns no output, the Checkpoint device is using a SHA-1 certificate.
  • If the command returns any output, the Checkpoint device is using a SHA-256 certificate.
  • In the SHA-256 case, to retrieve logs with SIEM it is necessary to re-generate a SHA-1 certificate in Checkpoint and then recreate the OPSEC application.
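The check above, wrapped in a small POSIX shell function so it can be run against a copy of the file and the result reused in a script. This is an added example, not part of the Trustwave article or Checkpoint's own tooling; the sample file contents are constructed to illustrate the two outcomes, and only the `:signature_hash` key is taken from the article. On a real management server pass `"$FWDIR/conf/InternalCA.C"` as the argument.

```shell
#!/bin/sh
# Added example; not from the Trustwave article or from Checkpoint.
# check_ica_hash applies the article's grep test to an InternalCA.C file and
# prints SHA-1, SHA-256, or unreadable. It always exits 0 so it is safe under set -e.
check_ica_hash() {
    # $1: path to an InternalCA.C file
    if [ ! -r "$1" ]; then
        echo "unreadable"
        return 0
    fi
    # Article's rule: a ':signature_hash' entry is present only for SHA-256 CAs.
    if grep -q ':signature_hash' "$1"; then
        echo "SHA-256"
    else
        echo "SHA-1"
    fi
    return 0
}

# Constructed sample files. The ":key (value)" layout is assumed for illustration;
# only the ':signature_hash' key comes from the article.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    printf '(\n\t:ica_name (internal_ca)\n)\n' > "$SAMPLE_DIR/sha1.C"
    printf '(\n\t:ica_name (internal_ca)\n\t:signature_hash (sha256)\n)\n' > "$SAMPLE_DIR/sha256.C"
}

make_samples
echo "sha1.C:   $(check_ica_hash "$SAMPLE_DIR/sha1.C")"      # prints SHA-1
echo "sha256.C: $(check_ica_hash "$SAMPLE_DIR/sha256.C")"    # prints SHA-256
```

The function deliberately reports "unreadable" rather than "SHA-1" when the file cannot be opened: a missing or unreadable file also yields no grep output, and treating that as SHA-1 would be a false negative.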

Notes:

  • Trustwave plans to update the OPSEC SDK to support SHA-256. For more information, contact Trustwave TAC.
  • Use of SHA-1 for this purpose does not affect compliance.



Last Modified 11/1/2016.
https://support.trustwave.com/kb/KnowledgebaseArticle20717.aspx