This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mike_Jensen
Advisor
‎2021-02-23 09:24 AM
Jump to solution

Expired VPN certificates on gateways - no VPN blades enabled

After installing access control policy to a active/standby gateway cluster I have been receiving alerts that the VPN certificates on the gateways has expired.  I do not have the IPSec VPN or Mobile Access blades enabled on the cluster so I don't have the option to renew the cert and really don't even need it.

Is there a way I can remove the certificates to clear the message that comes up after installing policy?

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-02-28 10:43 AM
In response to Mike_Jensen
Jump to solution

Pretty sure certificates need to exist even if you’re not using VPN.
Recommend enabling it, renewing/regenerating the certificate, disabling, and pushing policy.
There should be no harm in this.

View solution in original post

5 Replies
JackPrendergast
Advisor
Advisor
‎2021-02-24 01:42 AM
Jump to solution

Enable IPSEC VPN blade, head to IPSEC VPN on the left hand side menu, either remove or renew the cert.

 

Then, disable IPSEC VPN and push policy.

 

Should clear it.. should....

Mike_Jensen
Advisor
‎2021-02-24 12:12 PM
In response to JackPrendergast
Jump to solution

Instead of enabling the IPSEC VPN blade I went into the ICA Manager on my SMS, deleted the certs in question, and the message still persists after installing policy.  I even did a cpstop/cpstart on the SMS after deleting the certs.

PhoneBoy
Admin
Admin
‎2021-02-28 10:43 AM
In response to Mike_Jensen
Jump to solution

Pretty sure certificates need to exist even if you’re not using VPN.
Recommend enabling it, renewing/regenerating the certificate, disabling, and pushing policy.
There should be no harm in this.

Emil_T
Contributor
‎2024-08-27 01:20 PM
In response to PhoneBoy
Jump to solution

Error persists

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top