cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

How to renew CMA ICA

Ok, this should have been rather easy and obvious. Internal CA for CMA has expired and I want to renew it. Gateways - easy peasy. But with management / CMA  i struggle to find a single reference in User Centre / SKs. Anyone?

Tags (3)
0 Kudos
5 Replies
ED
Silver

Re: How to renew CMA ICA

Hope this helps Invoking the ICA Management Tool

Connect to Internal CA Management Tool with a web browser. 

Also this Expired certificates cannot be deleted from the Management Database

0 Kudos

Re: How to renew CMA ICA

I did just that before but there are no tools to "renew" certs per say. Does that mean that deleting Expired certs will automatically recreate valid one?

0 Kudos

Re: How to renew CMA ICA

False alarm, looked at the wrong cert! It was not CMA ICA cert! Sorry

0 Kudos
ED
Silver

Re: How to renew CMA ICA

Bad suggestion.

"Use the ICA management tool for user certificate operations only, such as certificate creation. Do not use the ICA management tool to change SIC certificates or VPN certificates. Change SIC and VPN certificates in SmartConsole."

Re: How to renew CMA ICA

you can use the command  cp_conf ca, becarfull in production, you have to restablish sic to every firewall managed by this CMA.

cp_conf ca :Description Initialize the Certificate Authority Syntax

> cp_conf ca init

> cp_conf ca fqdn Parameter Description init Initializes the internal CA fqdn Sets the FQDN of the internal CA to >cp_conf finger Description Displays the fingerprint which will be used on first-time launch to verify the identity of the Security Management server being accessed by the SmartConsole. This fingerprint is a text string derived from the Security Management server's certificate Syntax

> cp_conf finger get

Thanks