Ryan_St__Germai
Advisor

Migration to SHA256 for internal CA

Hey Guys. Just need a sanity check. Running R77.30 and our VPN Certificate is showing as using SHA1. I am looking at the "SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA)" article.

It mentions Resetting SIC. Am I correct in assuming this is only if we wanted to re-generate the SIC certificate using SHA256? If we just simply wanted to re-generate the cert used for VPN this is not needed? So for instance all I would need to do is the following if I just wanted a SHA256 cert for VPN:

1. Run cpca_client set_sign_hash sha256 on the mgmt box

2. Re-generate VPN certificate under each gateway

3. Install policy

Thanks!

 

0 Kudos
2 Replies
PhoneBoy
Admin

I believe you are correct.

The setting applies for NEW certificates generated going forward, not for existing ones.

Note that once you do this, you will not be able to generate new SIC certificates for gateways prior to version R71, which do not support SHA2 hashes.

Ryan_St__Germai
Advisor

Thanks! I will give it a shot and hopefully all goes well. 

0 Kudos
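
One way to confirm the result of the steps discussed in this thread, as an added example that is not part of the original posts or of Check Point's tooling: standard-library Python that reads the signature algorithm out of a certificate and flags SHA-1. It assumes the regenerated VPN certificate has been exported to a PEM or DER file; the function names are hypothetical and the sample input is a constructed skeleton, not a real certificate.

```python
import base64
import re

# DER-encoded OID bytes (hex) of common RSA signature algorithms.
SIG_OIDS = {
    "2a864886f70d010105": "sha1WithRSAEncryption",
    "2a864886f70d01010b": "sha256WithRSAEncryption",
    "2a864886f70d01010c": "sha384WithRSAEncryption",
    "2a864886f70d01010d": "sha512WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_algorithm(cert):
    """Name the algorithm the issuing CA used to sign a PEM or DER certificate."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", cert, re.S)
    der = base64.b64decode(pem.group(1)) if pem else cert
    tag, start, _ = read_tlv(der, 0)             # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, tbs_end = read_tlv(der, start)         # skip over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)     # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm OID not found")
    oid = der[oid_start:oid_end].hex()
    return SIG_OIDS.get(oid, "unknown OID " + oid)

def is_sha1_signed(cert):
    return signature_algorithm(cert).startswith("sha1")

def constructed_cert(oid_hex):
    """Constructed skeleton with certificate-shaped outer fields, not a real cert."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg)    # serial number + inner algorithm
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00\xaa"))

if __name__ == "__main__":
    for oid in ("2a864886f70d010105", "2a864886f70d01010b"):
        cert = constructed_cert(oid)
        print(signature_algorithm(cert), "-> still SHA-1" if is_sha1_signed(cert) else "-> OK")
```

For a real certificate, pass the file's bytes, for example `signature_algorithm(open(path, "rb").read())`, where `path` is wherever the exported certificate was saved.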
