This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ilovecheckpoint
Participant
‎2025-03-18 03:59 AM

Portal and vpn certificate

I'm on a case where vpn certificate is valid and portal certificate has expired since a while, but mobile access on office mode, has no problem on connecting on vpn.

Checkpoint Smart Console allows update easily vpn certificate directly from  gateway/cluster object.

Why does not update automatically also portal certificate as well?

Of course not everybody decide to use the same certificate, but it would be easier on case I use the same.

Why is not possible from GUI to export the vpn certificate and to import the same on portal?

Is there a way to check from a management via ssh/logs, if a portal certificate has expired or when it expires?

 

 

0 Kudos
6 Replies
Ilovecheckpoint
Participant
‎2025-04-25 07:01 AM
In response to G_W_Albrecht

I manage a lot of gateways so a lot of vpn certificates and a lot of portal certificates. I have found a command on management to check vpn certificate.

What about to check from management when a portail certificate expires?

Why is not possible to see the portal certificate expiration as is seen for ipsec ?

If I export vpn certificate created via internal Checkpoint CA, via cli and reimport it on portal certificate, do user have a warning message? 

0 Kudos
the_rock
Legend
Legend
‎2025-04-25 08:49 AM
In response to Ilovecheckpoint

Im fairly sure the only time they would see the cert warning is if they delete/re-create the site.

Andy

0 Kudos
Duane_Toler
Advisor
‎2025-04-28 09:51 PM
In response to Ilovecheckpoint

Clients will not get a fingerprint warning. The fingerprint is that of the CA certificate, not he gateway certificate.  Renew VPN certs all you want! 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
the_rock
Legend
Legend
‎2025-04-29 03:20 AM
In response to Duane_Toler

Thats true, every time I renew it in the lab, I never see the warning.

0 Kudos
the_rock
Legend
Legend
‎2025-04-28 06:40 PM

Hey mate, were you able to figure this out?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events