Dan_Roddy
Collaborator

Sha-1 certificate on R80.10 Management server

Every week I discover a troubling detail about our environment. 

 

How did I end up with a SHA-1 certificate on management, and thus the gateways? SHA-1 was deprecated in 2017 and it was a big deal then. Can someone help me understand sk#103839 (SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA))? Yes, this probably is my problem that I did not take care of, so if it is, please just tell me.

Thank you,

Dan

 

0 Kudos
1 Reply
PhoneBoy
Admin

Assuming your R80.x Management was upgraded from R77.x, your Internal CA is still probably using SHA1 certificates.
A fresh install of R80.x would result in a SHA256 ICA.
If you want to change your ICA to SHA256, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Note, if you're managing older gateways, this will break your ability to manage them.
The SK above lists the versions that support a SHA256 ICA.

sk103839 relates to how the gateway and management fetch updates from Check Point and isn't related to the ICA.