This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dehaasm
Collaborator
‎2023-07-24 02:25 AM

renew IA portal certificate

We need to renew the portal/ia certificate on the gateway, because it is going to expire soon August 30, 2023 (verified by browsing to the firewall), however when we look into the cluster properties and certificate settings window it shows that the certificate had already been expired, which is not the case.

How can we assure that we will replace the correct certificate, should we engage with TAC on this matter?

 

 

portalcertexpired.png
Preview file
124 KB
0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2023-07-24 02:56 AM

See sk108352: How to create / update the Gaia Portal certificate (signed by ICA) for Security Gateway / ...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
dehaasm
Collaborator
‎2023-07-24 03:16 AM
In response to G_W_Albrecht

maybe i am looking into the wrong place, the certificate we need to update is used by the IA identity agents installed on the laptops so that one need to be renewed, is there a procedure for that one?

ps: i believe when expired that would impact the connection for IA agents to the gateway (TLS handshake not untrusted), but the URL for IA is the same as mentioned in screenshot starting with cpia.

 

and the current cert is actually from a known CA provider not from Check Point internal CA

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-07-24 03:49 AM
In response to dehaasm

Was it used in setting a 3rd party cert for the portal like here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-07-24 03:57 AM
In response to dehaasm

Did you already check "sk106500: How to replace Identity Agent Certificate in the Security Gateway object" ?

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2023-07-24 05:29 AM
In response to dehaasm

I followed sk Chris gave last year with the customer and worked fine.

Have you tried that?

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top