How to renew CMA ICA

Kaspars_Zibarts · ‎2018-06-20

Ok, this should have been rather easy and obvious. Internal CA for CMA has expired and I want to renew it. Gateways - easy peasy. But with management / CMA i struggle to find a single reference in User Centre / SKs. Anyone?

ED · ‎2018-06-20

Hope this helps Invoking the ICA Management Tool

Connect to Internal CA Management Tool with a web browser.

Also this Expired certificates cannot be deleted from the Management Database

Kaspars_Zibarts · ‎2018-06-20

I did just that before but there are no tools to "renew" certs per say. Does that mean that deleting Expired certs will automatically recreate valid one?

Kaspars_Zibarts · ‎2018-06-20

False alarm, looked at the wrong cert! It was not CMA ICA cert! Sorry

ED · ‎2018-06-20

Bad suggestion.

"Use the ICA management tool for user certificate operations only, such as certificate creation. Do not use the ICA management tool to change SIC certificates or VPN certificates. Change SIC and VPN certificates in SmartConsole."

Houssameddine_1 · ‎2018-06-20

you can use the command cp_conf ca, becarfull in production, you have to restablish sic to every firewall managed by this CMA.

cp_conf ca :Description Initialize the Certificate Authority Syntax

> cp_conf ca init

> cp_conf ca fqdn Parameter Description init Initializes the internal CA fqdn Sets the FQDN of the internal CA to >cp_conf finger Description Displays the fingerprint which will be used on first-time launch to verify the identity of the Security Management server being accessed by the SmartConsole. This fingerprint is a text string derived from the Security Management server's certificate Syntax

> cp_conf finger get

Thanks

Are you a member of CheckMates?

How to renew CMA ICA