emreturkmenler
Contributor

Can't delete expired or revoked certs from ICA Mgmt Tool ICA_CRL0.crl files being too big (sk135492)

Hi,

I'm having this issue as I cannot delete the expired and revoked certificates on the management server and their number has reached almost 7000.

We are having the issues explained in the SK:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Symptoms
  • Policy installation fails with: "Installation failed. Reason: Authentication error [ SIC error no. 147]" error.

  • The policy installation might fail on any number of Security Gateways.

  • "Smart Dashboard component failed to connect to server . please contact technical support" error while opening any object.

  • Statuses for all existing Security Gateways appear with a red "X"

Cause

The $FWDIR/conf/crls/ICA_CRL0.crl CRL File on the Security Management Server is too large.

 

We did what was provided as a solution by revoking and creating the SIC certificate, but it was no use.

As asked, the file at the top is huge, including thousands of certs.

# ls -la $FWDIR/conf/crls/
total 14500
drwxr-x--- 2 admin bin 327 Jan 14 11:26 .
drwxrwx--- 73  admin root 98304 Jan 14 11:58 ..
-rw-r----- 1 admin config 134178 Jan 14 10:16 ICA_CRL0.crl
-rw-r----- 1 admin config 525 Jan 14 10:16 ICA_CRL1.crl
-rw-r----- 1 admin root 525 Jan 14 10:16 ICA_CRL2.crl
-rw-r----- 1 admin root 525 Jan 14 10:16 ICA_CRL3.crl
-rw-rw---- 1 admin root 591 Jan 14 11:26 ICA_CRL4.crl
-rw-rw---- 1 admin root 2458 Jan 14 11:26 ICA_CRL5.crl

 

As you can see from the uploaded image, I cannot delete them because the boxes next to the items don't show up. A few of them do show, but deleting doesn't happen on them either.

And to note, I was able to delete the items in the ICA_CRL1.crl file because there were 30 at most, but ICA_CRL0.crl, which is the main file holding the cert items, doesn't allow me to.

I am running R80.30 Take 226.

Anyone had similar issues?

 

Thank you

 

0 Kudos
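To check how many revoked entries each CRL file really carries, independent of what the ICA Management Tool displays, here is an added example (not part of the original post and not Check Point code) that parses a CRL and counts its revokedCertificates entries. It assumes the ICA_CRL*.crl files are standard X.509 CRLs in DER or PEM encoding; `sample_crl` and `der` are hypothetical helpers that build a constructed, unsigned stand-in so the script runs offline.

```python
# Assumption: the CRL files are standard X.509 CRLs (RFC 5280), DER or PEM.
import base64, sys

def children(buf, start, end):
    """Yield (tag, content_start, content_end) for each DER element in buf[start:end]."""
    while start < end:
        tag, length, pos = buf[start], buf[start + 1], start + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > end:
            raise ValueError("truncated DER element")
        yield tag, pos, pos + length
        start = pos + length

def count_revoked(data):
    """Count entries in TBSCertList.revokedCertificates (RFC 5280, 5.1)."""
    if data.lstrip().startswith(b"-----BEGIN"):  # PEM armour: decode to DER
        data = base64.b64decode(b"".join(
            l for l in data.splitlines() if not l.startswith(b"-----")))
    _, s, e = next(children(data, 0, len(data)))  # CertificateList
    _, s, e = next(children(data, s, e))          # TBSCertList
    f = list(children(data, s, e))
    # [version] signature issuer thisUpdate [nextUpdate] [revoked] [[0] exts]
    i = (1 if f[0][0] == 0x02 else 0) + 3
    if i < len(f) and f[i][0] in (0x17, 0x18):    # nextUpdate is a Time
        i += 1
    if i < len(f) and f[i][0] == 0x30:            # revokedCertificates
        return sum(1 for _ in children(data, f[i][1], f[i][2]))
    return 0

def der(tag, content):
    """Encode one DER element (only used to build the constructed sample)."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + content

def sample_crl(n):
    """Constructed, unsigned CRL skeleton with n entries; not a real ICA CRL."""
    t = der(0x17, b"250114101600Z")
    rev = b"".join(der(0x30, der(0x02, (0x1000 + i).to_bytes(2, "big")) + t)
                   for i in range(n))
    tbs = der(0x02, b"\x01") + der(0x30, b"") * 2 + t * 2 + (der(0x30, rev) if n else b"")
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))

if __name__ == "__main__":
    blobs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"sample": sample_crl(7000)}
    for name, blob in blobs.items():
        print(f"{name}: {len(blob)} bytes, {count_revoked(blob)} revoked entries")
```

Run it with copies of the CRL files as arguments to compare entry counts before and after any cleanup; with no arguments it reports on the constructed sample.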
2 Replies
PhoneBoy
Admin
Admin

Given the nature of this issue, I recommend involving the TAC.
Worst case, you might have to completely reset SIC which is…painful. 

0 Kudos
emreturkmenler
Contributor

Thank you, PhoneBoy. It seems to be painful, as we are working on the case with Support.

Wanted to ask if there are any others who have had similar issues.

0 Kudos
