When you run opsec_pull_cert utility to retrieve the certificate from LEA server of Checkpoint, you receive an error message.

opesec error rc=-1 err=-96 connection error

This error means there is a network connectivity issue and the utility cannot communicate with the remote LEA server. You need to check if port 18210 is blocked on the firewall. Once you enable this port, you should be able to pull the certificate from the LEA server.