Mike_Jensen
Advisor

Expired VPN certificates on gateways - no VPN blades enabled

After installing access control policy to an active/standby gateway cluster I have been receiving alerts that the VPN certificates on the gateways have expired. I do not have the IPSec VPN or Mobile Access blades enabled on the cluster so I don't have the option to renew the cert and really don't even need it.

Is there a way I can remove the certificates to clear the message that comes up after installing policy?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

Pretty sure certificates need to exist even if you’re not using VPN.
Recommend enabling it, renewing/regenerating the certificate, disabling, and pushing policy.
There should be no harm in this.


5 Replies
JackPrendergast
Advisor

Enable IPSEC VPN blade, head to IPSEC VPN on the left-hand side menu, either remove or renew the cert.

Then, disable IPSEC VPN and push policy.


Should clear it.. should....

Mike_Jensen
Advisor

Instead of enabling the IPSEC VPN blade I went into the ICA Manager on my SMS, deleted the certs in question, and the message still persists after installing policy.  I even did a cpstop/cpstart on the SMS after deleting the certs.

Emil_T
Contributor

Error persists

0 Kudos
PhoneBoy
Admin

Suggest engaging with TAC: https://help.checkpoint.com 

0 Kudos
