cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
An_Ly
Ivory

UserCheck portal certificate problem when FW's IP address is changed

Hi,

I have a VSX HA R80.10 clustered environment.  There is a VS firewall with App & URL filtering and UserCheck portal turned on also.  

The issue I have is when I changed the firewall external interface to another IP address the UserCheck portal certificate is not recreated.  Therefore it still has the old IP address which cause a SSL certificate error.  I have engaged Checkpoint support but without a solution so far.

Does anyone knows how to regenerate the UserCheck portal certificate?

Note: I attached two screenshots.  Capture1 shows the usercheck IP of 192.168.39.11 and Capture2 shows the usercercheck certificate's SAN IP of 192.168.39.20

4 Replies
Admin
Admin

Re: UserCheck portal certificate problem when FW's IP address is changed

You can generate a certificate as desired and import it, as shown here:

0 Kudos
An_Ly
Ivory

Re: UserCheck portal certificate problem when FW's IP address is changed

Dameon,

As it indicates the portal certificate is auto-generated somehow by the smart center behind the scene. I would like the certificate generated again by the smart center after the IP address has changed.  That's what I'm looking for.

I understand the other way around is to get a trusted CA but not everyone can do and that still doesn't correct the bug that a new certificate is not auto-generated when the IP changes.

Highlighted
Admin
Admin

Re: UserCheck portal certificate problem when FW's IP address is changed

You don't necessarily have to use a trusted CA for this, you can execute the commands in, e.g. openssl.

But agree there should be a more obvious way to do this.

0 Kudos

Re: UserCheck portal certificate problem when FW's IP address is changed

Hi An Ly,

Hope this solves your query.

 How to generate new certificate for gateway/cluster

Thanks Smiley Happy

0 Kudos