https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIC-certificate-for-OPSEC-expired/m-p/88894#M6839 <P>Hello team,</P><P>We are managing a smart center running on GAIA R77.30 (yes the version is obsolate <span class="lia-unicode-emoji" title=":winking_face:">😉</span>). We have a customer OPSEC server connecting to our device and we found out that the SIC certificate expired, checked on the smart center and on the OPSEC servers log.</P><P>I am wondering if by resetting the SIC status on the smart center would also generate the new certificate? In this case I assume that resetting the SIC and setting a new PSK would solve the issue.</P><P>From what I read there is an option to generate a new certificate using the ICA Management tool. sk62873 sk39915</P><P>Here I am a bit lost how to generate the new certificate.</P><P>&nbsp;</P><P>In the documentation I found this related for the SIC certificate automatic renewal however I am not sure if it relates to third party devices.</P><P class="tpbodytext"><EM>Automatic renewal of SIC certificates ensuring continuous SIC connectivity</EM></P><P class="tpbodytext">SIC certificates are renewed automatically after 75% of the validity time of the certificate has passed. If, for example, the SIC certificate is valid for five years, 3.75 years after it was issued, a new certificate is created and downloaded automatically to the SIC entity. This automatic renewal ensures that the SIC connectivity of the gateway is continuous. The administrator can decide to revoke the old certificate automatically or after a set period of time. By default, the old certificate is revoked one week after the certificate renewal has taken place.</P><P class="tpbodytext"><A href="https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118</A></P><P class="tpbodytext">&nbsp;</P><P class="tpbodytext">Any thoughts are appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P class="tpbodytext">&nbsp;</P><P class="tpbodytext">Thanks a lot.</P><P class="tpbodytext">Matt</P> Wed, 17 Jun 2020 11:04:45 GMT matti 2020-06-17T11:04:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIC-certificate-for-OPSEC-expired/m-p/88894#M6839 <P>Hello team,</P><P>We are managing a smart center running on GAIA R77.30 (yes the version is obsolate <span class="lia-unicode-emoji" title=":winking_face:">😉</span>). We have a customer OPSEC server connecting to our device and we found out that the SIC certificate expired, checked on the smart center and on the OPSEC servers log.</P><P>I am wondering if by resetting the SIC status on the smart center would also generate the new certificate? In this case I assume that resetting the SIC and setting a new PSK would solve the issue.</P><P>From what I read there is an option to generate a new certificate using the ICA Management tool. sk62873 sk39915</P><P>Here I am a bit lost how to generate the new certificate.</P><P>&nbsp;</P><P>In the documentation I found this related for the SIC certificate automatic renewal however I am not sure if it relates to third party devices.</P><P class="tpbodytext"><EM>Automatic renewal of SIC certificates ensuring continuous SIC connectivity</EM></P><P class="tpbodytext">SIC certificates are renewed automatically after 75% of the validity time of the certificate has passed. If, for example, the SIC certificate is valid for five years, 3.75 years after it was issued, a new certificate is created and downloaded automatically to the SIC entity. This automatic renewal ensures that the SIC connectivity of the gateway is continuous. The administrator can decide to revoke the old certificate automatically or after a set period of time. By default, the old certificate is revoked one week after the certificate renewal has taken place.</P><P class="tpbodytext"><A href="https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118</A></P><P class="tpbodytext">&nbsp;</P><P class="tpbodytext">Any thoughts are appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P class="tpbodytext">&nbsp;</P><P class="tpbodytext">Thanks a lot.</P><P class="tpbodytext">Matt</P> Wed, 17 Jun 2020 11:04:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIC-certificate-for-OPSEC-expired/m-p/88894#M6839 matti 2020-06-17T11:04:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIC-certificate-for-OPSEC-expired/m-p/221577#M42429 <P>Hi Matt,</P><P>I was looking at R81.10 and found the same information but wanted to know how long my certs have left?</P><P>Did you get the answer you were looking for?</P><P>Regards,</P><P>Shabib</P> Mon, 22 Jul 2024 14:17:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIC-certificate-for-OPSEC-expired/m-p/221577#M42429 shabib 2024-07-22T14:17:41Z