Management General Management Topics Logging and Reporting Multi-Domain Management Policy Management
- Local User Groups
I have a VSX HA R80.10 clustered environment. There is a VS firewall with App & URL filtering and UserCheck portal turned on also.
The issue I have is when I changed the firewall external interface to another IP address the UserCheck portal certificate is not recreated. Therefore it still has the old IP address which cause a SSL certificate error. I have engaged Checkpoint support but without a solution so far.
Does anyone knows how to regenerate the UserCheck portal certificate?
Note: I attached two screenshots. Capture1 shows the usercheck IP of 192.168.39.11 and Capture2 shows the usercercheck certificate's SAN IP of 192.168.39.20
As it indicates the portal certificate is auto-generated somehow by the smart center behind the scene. I would like the certificate generated again by the smart center after the IP address has changed. That's what I'm looking for.
I understand the other way around is to get a trusted CA but not everyone can do and that still doesn't correct the bug that a new certificate is not auto-generated when the IP changes.
You don't necessarily have to use a trusted CA for this, you can execute the commands in, e.g. openssl.
But agree there should be a more obvious way to do this.