cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Dan_Roddy
Copper

Sha-1 certificate on R80.10 Management server

Every week I discover a troubling detail about our environment. 

 

How did I end up with a SHA-1 certificate on management, and thus the gateways.  SHA-1 was deprecated in 2017 and it was a big deal then.  Can someone help me understand sk#103839 (SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA) ?  Yes, this probably is my problem that I did not take care of, so if it is, please just tell me.

Thank you,

Dan

 

0 Kudos
1 Reply
Admin
Admin

Re: Sha-1 certificate on R80.10 Management server

Assuming your R80.x Management was upgraded from R77.x, your Internal CA is still probably using SHA1 certificates.
A fresh install of R80.x would result in a SHA256 ICA.
If you want to change your ICA to SHA256, see: https😕/supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Note, if you're managing older gateways, this will break your ability to manage them.
The SK above lists the versions that supports a SHA256 ICA.

sk103839 relates to how the gateway and management fetches updates from Check Point and isn't related to the ICA.