This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
Employee
Employee
‎2018-06-20 02:02 AM

How to renew CMA ICA

Ok, this should have been rather easy and obvious. Internal CA for CMA has expired and I want to renew it. Gateways - easy peasy. But with management / CMA  i struggle to find a single reference in User Centre / SKs. Anyone?

0 Kudos
5 Replies
ED
Advisor
‎2018-06-20 03:55 AM

Hope this helps Invoking the ICA Management Tool

Connect to Internal CA Management Tool with a web browser. 

Also this Expired certificates cannot be deleted from the Management Database

0 Kudos
Kaspars_Zibarts
Employee
Employee
‎2018-06-20 04:14 AM
In response to ED

I did just that before but there are no tools to "renew" certs per say. Does that mean that deleting Expired certs will automatically recreate valid one?

0 Kudos
Kaspars_Zibarts
Employee
Employee
‎2018-06-20 04:28 AM
In response to Kaspars_Zibarts

False alarm, looked at the wrong cert! It was not CMA ICA cert! Sorry

0 Kudos
ED
Advisor
‎2018-06-20 04:39 AM
In response to Kaspars_Zibarts

Bad suggestion.

"Use the ICA management tool for user certificate operations only, such as certificate creation. Do not use the ICA management tool to change SIC certificates or VPN certificates. Change SIC and VPN certificates in SmartConsole."

Houssameddine_1
Collaborator
‎2018-06-20 09:59 AM

you can use the command  cp_conf ca, becarfull in production, you have to restablish sic to every firewall managed by this CMA.

cp_conf ca :Description Initialize the Certificate Authority Syntax

> cp_conf ca init

> cp_conf ca fqdn Parameter Description init Initializes the internal CA fqdn Sets the FQDN of the internal CA to >cp_conf finger Description Displays the fingerprint which will be used on first-time launch to verify the identity of the Security Management server being accessed by the SmartConsole. This fingerprint is a text string derived from the Security Management server's certificate Syntax

> cp_conf finger get

Thanks

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫