This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ryan_St__Germai
Specialist
‎2018-12-08 09:29 AM

Migration to SHA256 for internal CA

Hey Guys. Just need a sanity check. Running R77.30 and our VPN Certificate is showing as using SHA1. I am looking at the SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA) article.

It mentions Resetting SIC. Am I correct in assuming this is only if we wanted to re-generate the SIC certificate using SHA256? If we just simply wanted to re-generate the cert used for VPN this is not needed? So for instance all I would need to do is the following if I just wanted a SHA256 cert for VPN:

1. Run  cpca_client set_sign_hash sha256 on the mgmt box

2. Re-generate VPN certificate under each gateway

3. Install policy

Thanks!

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2018-12-09 07:38 AM

I believe you are correct.

The setting applies for NEW certificates generated going forward, not for existing ones.

Note that once you do this, you will not be able to generate new SIC certificates for gateways prior to version R71, which do not support SHA2 hashes.

Ryan_St__Germai
Specialist
‎2018-12-10 07:07 AM
In response to PhoneBoy

Thanks! I will give it a shot and hopefully all goes well. 

0 Kudos