Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Carlos20g
Participant

How to create an internal CA (CSR) for the smartview server?

Hi,

 

We got R80.30. I know it is Out of support, but I can anyone help with any info about how to create a CSR for the smartview server? 

 

Many Thanks

0 Kudos
11 Replies
G_W_Albrecht
Legend Legend
Legend

Why this is needed ? sk178506: "SmartView server certificate is invalid" message appears when opening new tab under Logs... ?

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin

The question is not clear. Please elaborate.

0 Kudos
Carlos20g
Participant

Hi Thanks for the help.

We need to add a internal certificate on the smartview web interface. At the moment we have a self signed which is blocked on MS Edge. Question is How do you create a valid internal certificate for the smartview web interface? 

I hope this make more sense ?  

Thanks again

0 Kudos
_Val_
Admin
Admin

It does, to some extent, but I have more questions than answers. Do you prefer to use Web SmartConsole to connect to the SmartEvent, instead of the fat client? If yes, why not just add the CA cert to the list of trusted on all GUI client PCs? 

You cannot replace your ICA root with another trusted root, there are too many implications. Also, the amount of your GUI clients should be limited, right? Should not be that big of a deal

0 Kudos
Carlos20g
Participant

They want to access the swartview to see Logs etc only. I believe we need to create a new CA cert with names/Address and  add it to the GUI clients PCs?. I can test adding CA cert to one of the PCs, do you know how can I get the CA from the smartconsole server?

CPCERT.PNG

0 Kudos
_Val_
Admin
Admin

No, that would not help.

What you want to do is to add either root ICA cert or your SmartEvent certificate to the list of trusted CAs on windows clients. To do that, you need to export a certificate first.

It can be done with "fwm exportcert" command, look into CLI reference guide for more details.

0 Kudos
the_rock
Legend
Legend

Hey @Carlos20g 

Sounds like you need to follow below process first if you want to do this from web UI:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Andy

0 Kudos
Carlos20g
Participant

 

 

Thanks @the_rock 

 

After setting up the ICA Management Tool I think I am getting closer, now here can I generate a new cert to be install on windows trusted machines? 

 

CACert1.PNG

 

 

 

0 Kudos
the_rock
Legend
Legend

Does below not let you do so?

Andy

 

Screenshot_1.png

0 Kudos
Carlos20g
Participant

@the_rock 

Yes I generated a couple and I installed them on the trusted cert in one of the test window PC, but I am still getting the cert error on the browser, I guess I am missing something somewhere or doing it wrong. Do you have a SK with any info about how to manage the CA and deployment? thanks

0 Kudos
the_rock
Legend
Legend

K, can you please send what you configured? Please blur out any sensitive info...you can also message me privately, lets do remote session if you are allowed.

Cheers mate.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events