This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jack_Prenderga1
Contributor
‎2018-04-12 04:07 AM

ICA Management Tool

Hello.

When I try create and download certificates, or edit the CA settings, I get this

The URL you requested could not be found on this server.

This is when I am connected to the ICA management tool on 18265.

Any advice?

7 Replies
Danny
Champion Champion
Champion
‎2018-04-12 05:37 AM

The ICA Management Tool is disabled by default. You can enable it on the CLI of your SmartCenter Server.

Example: cpca_client set_mgmt_tool on -no_ssl

Access the WebUI of your ICA Management Tool via : http://<ip-of-your-smartcenter>:18265

cpca_client [-d] set_mgmt_tool on|off [-p <ca_port>] [-no_ssl]
[-a|-u "administrator|user DN" ... ]

  * on starts the ICA Management Tool (on port 18265)
  * off stops the ICA Management Tool
  * -p specifies a different port to access the ICA Management Tool
  * -no_ssl starts the ICA Management Tool on http instead of https
  * -a "administrator DN"

Sample screenshot:

If your issue remains, try to work on CLI only by using the following commands:

cpca_client lscert

cpca_client create_cert

cpca_client revoke_cert

Jack_Prenderga1
Contributor
‎2018-04-12 05:46 AM
In response to Danny

Danny,

thanks for your reply.

it is enabled. I can connect to the tool, and get the same pages as you provided. Whenever I try download a certificate, it comes up the error above. A few other parts to the site display the same error too.

if I did it via clish, how would I download the cert? Or retrieve it?

0 Kudos
Jack_Prenderga1
Contributor
‎2018-04-12 05:46 AM
In response to Jack_Prenderga1

In addition, I do have SSL enabled. Should I disable it as you said above?

0 Kudos
Danny
Champion Champion
Champion
‎2018-04-12 05:48 AM
In response to Jack_Prenderga1

That's what I suggested to try. May I ask what you are trying to do with the ICA Management Tool that SmartDashboard can't?

You would copy certs off your SmartCenter's CLI via scp of course.

0 Kudos
Jack_Prenderga1
Contributor
‎2018-04-12 06:17 AM
In response to Danny

You maybe able to help me here actually.

I am setting up the authentication for mobile remote access. I want all corporate machines, connection to the IPSEC VPN to have a personal certificate, and also RADIUS auth.

I know there is an option under multiple auth for cert+user and password.

I believe the 'personal certificate' part needs to be created by the internal CA, hence why I am trying to log into the ICA.

Am I doing this wrong? I want 1 generic certificate that I can generate and deploy via group policy to all corporate machines, so non-corporate machines can not connect, regardless if they can authenticate via RADIUS.

1) Would this work?

2) Is this the best way to do it?

Danny - your help is appreciated. I feel like I am running around in circles at the moment.

0 Kudos
Danny
Champion Champion
Champion
‎2018-04-12 06:27 AM
In response to Jack_Prenderga1

Typically you'd create personal certificates within SmartDashboard within the User Properties of your User Accounts.

0 Kudos
Jack_Prenderga1
Contributor
‎2018-04-12 06:34 AM
In response to Danny

Okay, I have a question for you then.

So, as above, we need a certificate for machines, not users. We may have multiple users over the year using the same corporate laptop. We need 1 certificate we can deploy across all corporate machines, so its locked and stored there, and deployed via group policy.

If I did it that way, through SmartDashboard, how could I create 1 generic one for machines, and not tie it to single users? We have over 4000 employees, and 3000 corporate laptops. Obviously it would be impossible deploy a certificate for every user, or every machine.

1 generic one would do the trick. Any clues?

Thanks again.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top