cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

MDS config - how to update internal CA

Hello,

little issue when executing mdsconfig and creating the new internal CA, it takes the default IP whereas I updated the ip and hostname earlier :

Internal Certificate Authority created successfully
Certificate was created successfully
Setting FQDN to: 192.168.1.1
Executing "$CPDIR/bin/cp_conf ca fqdn 192.168.1.1" in order to set FQDN
Trying to contact Certificate Authority. It might take a while...
192.168.1.1 was successfully set to the Internal CA
Executing "$CPDIR/bin/cp_conf ca fqdn 192.168.1.1" in order to set FQDN - Done
Certificate Authority initialization ended successfully

I think it is one of the reasons that might prevent the MDS processes from running because it does not find the correct CA for instance, find below the error I get when trying to start MDS services  :

ERROR: Couldn't create the Internal CA object. Check that the Internal CA process is running.

Thanks in advance for the help.

0 Kudos
2 Replies
Admin
Admin

Re: MDS config - how to update internal CA

If you're running R77.30 or earlier and haven't applied a recent Jumbo Hotfix, you may be running into this issue: Connectivity between SmartDashboard / SmartDomain Manager and Security Management / Multi-Domain Man... 

0 Kudos

Re: MDS config - how to update internal CA

Hello Dameon,

First, thanks for the reply Smiley Happy

Ha! yes I did forget to precise the version ... Indeed it is a 77.30 recently upgraded from R76 (lab Smiley Happy) . But what I find strange is that I manualy installed the last CPuse agent (section 3-A):

Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent 

Then I also did install the last hotfix compatible with R77.30 (302) :

R77.30 Recommended Hotfixes 

As hotfix are incremental, should it not be ok like that ? If yes then the only thing I can think of is that I did not follow correctly the migration procedure then.

Well I will setup a new lab later to debug further ... for the moment I took a snapshot of another MDS which does have same hardware and OS for migration purpose Smiley Happy

Thanks again and have a nice weekend Smiley Happy

0 Kudos