Create a Post
Showing results for 
Search instead for 
Did you mean: 

Can't delete expired or revoked certs from ICA Mgmt Tool ICA_CRL0.crl files being too big (sk135492)


I'm having this issue as I cannot delete the expired and revoked certificates on the management server and their number has reached to almost 7000.

We are having the issues explained in the SK

  • Policy installation fails with: "Installation failed. Reason: Authentication error [ SIC error no. 147]" error.

  • The policy installation might fail on any number of Security Gateways.

  • "Smart Dashboard component failed to connect to server . please contact technical support" error while opening any object.

  • Statuses for all existing Security Gateways appear with a red "X"


The $FWDIR/conf/crls/ICA_CRL0.crl CRL File on the Security Management Server is too large.


We did what was provided as a solution by revoking and creating the SIC certificate but it was no use.

As asked the file on the top is huge including thousands of certs.

# ls -la $FWDIR/conf/crls/
total 14500
drwxr-x--- 2 admin bin 327 Jan 14 11:26 .
drwxrwx--- 73  admin root 98304 Jan 14 11:58 ..
-rw-r----- 1 admin config 134178 Jan 14 10:16 ICA_CRL0.crl
-rw-r----- 1 admin config 525 Jan 14 10:16 ICA_CRL1.crl
-rw-r----- 1 admin root 525 Jan 14 10:16 ICA_CRL2.crl
-rw-r----- 1 admin root 525 Jan 14 10:16 ICA_CRL3.crl
-rw-rw---- 1 admin root 591 Jan 14 11:26 ICA_CRL4.crl
-rw-rw---- 1 admin root 2458 Jan 14 11:26 ICA_CRL5.crl


As you can see from the uploaded image I cannot delete them because the box next to the items don't show up, few of them do show but deleting doesn't happen on them either.

And to note , I was able to delete the items on the ICA_CRL1.crl file because there were 30 at most , but ICA_CRL0.crl doesn't allow me to which is the main file having the cert items.

I am running R80.30 Take 226.

Anyone had similar issues?


Thank you


0 Kudos
2 Replies

Given the nature of this issue, I recommend involving the TAC.
Worst case, you might have to completely reset SIC which is…painful. 

0 Kudos

Thank You PhoneBoy , it seems to be painful as we are working on the case with Support.

Wanted to ask if there are any others which have had similar issues.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events