Create a Post
Showing results for 
Search instead for 
Did you mean: 

Cannot connect SmartDashboard because of expired certificate

Hi all,

I have an old appliance running R77.30 (yes, it going to be replaced ASAP). 🙂

After Christmas I tried logging in to the SmartDashboard, but got a message about expired certificate.
The gateway is running fine, but I can't access the management.

I tried the suggested solution in sk20905, but it didn't help:
  cpca_client revoke_cert -n "CN=cp_mgmt"
  cpca_client create_cert -n "CN=cp_mgmt" -f $CPDIR/conf/sic_cert.p12
  cpca_client lscert -stat Valid | grep -A 2 "CN=cp_mgmt,"

    Subject = CN=cp_mgmt,OU=users,O=CheckPoint..w467zy
    Status = Expired Kind = IKE Serial = 11158 DP = 1
    Not_Before: Sun Jan 2 21:40:20 2022 Not_After: Sun Dec 26 16:20:31 2021

    Subject = CN=cp_mgmt,O=CheckPoint..w467zy
    Status = Expired Kind = SIC Serial = 46732 DP = 0
    Not_Before: Wed Jan 5 13:24:02 2022 Not_After: Sun Dec 26 16:20:31 2021

"Not_Before" looks fine, but "Not_After" still shows 2021.
I guess the creation of new certificates is relying on something else that has the old date?
I will be happy for any suggestions.

I am aware of the issue with Unix epoch.
I am running Take 351, but it doesn't fix the certificate that is already expired.

Best regards 

0 Kudos
2 Replies

This will help you:

You need to reset the certificate.

1. Check Certificate:

cpca_client lscert -stat Valid
cpca_client lscert -stat Valid -kind SIC

2. Go to files:
cd $CPDIR/conf
ls -lh | grep sic

3. Make backup of the actual certificate
cp $CPDIR/conf/sic_cert.p12.backup

4. Reset the SIC certificate:
cpca_client revoke_cert -n "CN=cp_mgmt"
cpca_client create_cert -n "CN=cp_mgmt" -f $CPDIR/conf/sic_cert.p12

0 Kudos

That process seems reasonable. I hope they got it fixed considering post was made back in 2022 and R77.30 has been unsupported since 2017 I think.


0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events