This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Malik1
Contributor
‎2020-12-02 06:50 AM

Changing certificate hash to sha-256 and length tp 2048

Hi Experts


We have recently upgraded for mgmt servers from r77.30 to r80.30  and its my understanding that the default signing algorithm of the Internal CA (ICA) was changed from SHA-1 to SHA-256.I have already gone through the SK103840 and its more about changing the default SHA algorithm from sha-1 to sha-256 used by the ICA to issues certificates in R77.30 or reverse from sha-256 to sha-1 in R80.30.


1. So from this point forward, for new certificates and for re-generated certificates the hash will be SHA-256. Our manager is already on R80.30 so the default signing algorithm of the Internal CA (ICA)  is sha-256. So any new cert or renewed cert will be issued with sha-256. Is that correct ?

2. How can we change the algorithm hash for ICA itself (ICA certificate / root certificate) to SHA-256. In R77.30 it was not possible but is it possible in R80.30 ?

3.Also i had a query about how to change default key length size of the mgmt server and gateway to 2048-bit ? Will this be done when we renew the certs ?

Regards,
Sijeel Malik

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-12-02 07:13 AM

The only way to change the ICA certificate to sha-256 is to completely reset SIC using fwm sic_reset.
This is quite disruptive, which is why it’s not done by default.

0 Kudos
Malik1
Contributor
‎2020-12-02 07:28 AM
In response to PhoneBoy

Hi

So in order to change the ICA cert to sha-256 we us the fwm sic_reset command that will delete all the cert issued and the recreate the ICA.

 

So  how to change default key length size of the mgmt server and gateway certs to 2048-bit

 

Sijeel

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-02 09:28 AM
In response to Malik1

2048-bit is the default (has been since R77), but if you want to change it: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events