topic Re: Valid Certificates Overview - Oneliner in Scripts

Valid Certificates Overview - Oneliner

C_H — Fri, 05 May 2023 11:02:43 GMT

Since I often run into problems with expired IKE or SIC certificates I have written an oneliner that shows the current date and time, the expiration date of the internal Check Point CA and all valid IKE and SIC certificates with expiration date.

The oneliner must be run on the management in expert mode.

if [[ `$CPDIR/bin/cpprod_util FwIsFirewallMgmt 2>/dev/null` != *'1'* ]] || [[ `$CPDIR/bin/cpprod_util FwIsStandAlone 2>/dev/null` == *'1'* ]];then echo;printf '%.s-' {1..70};echo;echo;echo ' Not a Management!';echo;printf '%.s-' {1..70};echo;else echo;echo -n 'Current Date and Time';echo;printf '%.s-' {1..70};echo;date +"%d %b %Y %H:%M:%S %:z %Z";echo;echo;echo -n 'Check Point Internal Certificate Authority (ICA) Experation Date';echo;printf '%.s-' {1..70};echo;date --date="$(echo | cpopenssl pkcs12 -in $FWDIR/conf/InternalCA.p12 -nokeys -nomacver -passin pass: 2>/dev/null | cpopenssl x509 -noout -enddate | awk -F '=' '{print $NF}' )" +"%d %b %Y %H:%M:%S %:z %Z";echo;echo;echo -n 'Current Valid IKE & SIC Certificates signed by ICA';echo;printf '%.s-' {1..70};echo;cpca_client lscert -stat Valid | awk 'NR > 3 { print }' | awk '{ printf "%s", $0; if (NR % 4 == 0) print ""; else printf " " }' | awk '{if ($9 ~ /SIC/) print $3,$9,$12,$25,$24,$27,$26; else if ($11 ~ /IKE/) print $3,$11,$14,$27,$26,$29,$28}' | awk -F '[, ]' '{if ($3 ~ /SIC/) print $1,$3,$4,$5,$6,$7,$8; else if ($2 ~ /IKE/) print $1,$2,$3,$4,$5,$6,$7}' | sort -k6,6n -k5,5M -k4,4n -k7.1,7.7 | sed 's/CN=//' | awk '{printf "%s %s %s %02d %s %s %s\n", $1,$2,$3,$4,$5,$6,$7}' | awk 'BEGIN {print "Nr.",";Objectname",";Type",";Serial",";Not Valid After","","",""} {print NR,";"$1,";"$2,";"$3,";"$4,$5,$6,$7}'| column -t -s ";" -o " " ;echo;fi

Re: Oneliner - Overview Valid Certificates

the_rock — Thu, 04 May 2023 13:37:47 GMT

Wow...fantastic 🙌🙌👍

Just ran it in my R81.20 lab and below is output...perfect.

Andy

Current Date and Time
----------------------------------------------------------------------
04 May 2023 09:37:13 -04:00 EDT

Check Point Internal Certificate Authority (ICA) Experation Date
----------------------------------------------------------------------
18 Jan 2038 22:14:07 -05:00 EST

Current Valid IKE & SIC Certificates signed by ICA
----------------------------------------------------------------------
Nr. Objectname Type Serial Not Valid After
1 quantum-fw IKE 29117 01 May 2026 11:31:29
2 QUANTUM-MANAGEMENT SIC 65050 25 Nov 2027 09:28:55
3 cp_mgmt SIC 47684 25 Nov 2027 09:28:57
4 cp_mgmt SIC 94789 25 Nov 2027 09:28:49
5 cp_mgmt SIC 96292 25 Nov 2027 09:29:05
6 quantum-fw SIC 37617 25 Apr 2028 09:25:54

[Expert@QUANTUM-MANAGEMENT:0]#

Re: Oneliner - Overview Valid Certificates

Danny — Thu, 04 May 2023 15:53:17 GMT

Added it to One-liner collection (updated for R81.x)

Re: Oneliner - Overview Valid Certificates

PhoneBoy — Thu, 04 May 2023 19:34:55 GMT

@_Val_ potential Toolbox candidate here

Re: Valid Certificates Overview - Oneliner

CPArk — Tue, 19 Nov 2024 16:20:30 GMT

To all here, how hard would it be to automate sending the output of this script to a specified email address on a regular basis?

Re: Valid Certificates Overview - Oneliner

Ilovecheckpoint — Tue, 13 May 2025 12:30:07 GMT

Thank you.

Does it check portal certificates as well?