Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

SIC certificate for OPSEC expired

Hello team,

We are managing a smart center running on GAIA R77.30 (yes the version is obsolate 😉). We have a customer OPSEC server connecting to our device and we found out that the SIC certificate expired, checked on the smart center and on the OPSEC servers log.

I am wondering if by resetting the SIC status on the smart center would also generate the new certificate? In this case I assume that resetting the SIC and setting a new PSK would solve the issue.

From what I read there is an option to generate a new certificate using the ICA Management tool. sk62873 sk39915

Here I am a bit lost how to generate the new certificate.

 

In the documentation I found this related for the SIC certificate automatic renewal however I am not sure if it relates to third party devices.

Automatic renewal of SIC certificates ensuring continuous SIC connectivity

SIC certificates are renewed automatically after 75% of the validity time of the certificate has passed. If, for example, the SIC certificate is valid for five years, 3.75 years after it was issued, a new certificate is created and downloaded automatically to the SIC entity. This automatic renewal ensures that the SIC connectivity of the gateway is continuous. The administrator can decide to revoke the old certificate automatically or after a set period of time. By default, the old certificate is revoked one week after the certificate renewal has taken place.

https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R7...

 

Any thoughts are appreciated 🙂

 

Thanks a lot.

Matt

0 Kudos
Reply
0 Replies