Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Duane_Toler
Collaborator

Management Internal CA renewal

Looks like we have management ICA *CAs* expiring nowadays.  The SK for it is useless ("re-sign the CA or call TAC"). Meh.  Can we re-sign the ICA cert with the existing keys so as to avoid SIC reset everywhere?  This isn't SIC, or VPN certs, etc; it's the ICA CA itself.

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

I assume you’re referring to: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

The procedure involves a script that, assuming you’re on the right version/JHF levels, should preserve SIC in the process.
However, it appears applying that script without being on the correct version can make things worse.
This is likely why this script currently requires calling TAC to obtain.

Duane_Toler
Collaborator

I opened a TAC case online to ask. 😕 

We should have a special CompetentMates board for those who can read requirements, know how to run things, know how to watch for troubles, along with how to fix things in a pinch.  Pre-requisites being "minimum 10 years working with Check Point products, CCSE (or CCSM? or that new troubleshooting one?), work with/be a Partner".  Would be nice to get some good lovin' to help customers faster. 

0 Kudos