Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

Can anybody shed some light on "PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement." as stated in the sk153152.

0 Kudos
6 Replies
Highlighted
Sapphire

Re: PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

What is your issue with Internal CA certificate ? Looks like you want to know if the Jumbo Take helps with your problem, don't you ?

0 Kudos
Highlighted

Re: PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

Nothing special. I just want to know what that means.

0 Kudos
Highlighted

Re: PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

I'm assuming this is the ability to use an external CA for SIC operations between Check Point components such as Security Management Servers and Security Gateways.  This may be in response to audit findings showing that SIC is using internally-generated self-signed certs instead of those from a more trusted enterprise PKI.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted

Re: PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

Assuming is not enough, "scientia est potentia"

0 Kudos
Highlighted
Sapphire

Re: PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

Open a SR# with TAC and post the findings here - this will make us all more wise in wonderfull ways 😉 without having any issue at all...

0 Kudos
Highlighted
Admin
Admin

Re: PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

If I'm understanding the various support tasks correctly, there are some situations where the ICA needs to be updated when upgrading to R80.x from older installations that have been upgraded from legacy versions.
I don't believe it allows wholesale replacement of the ICA with something completely new (i.e. an external CA), but it does provide a mechanism to address the issue.
0 Kudos