This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
svori
Collaborator
Collaborator
‎2023-03-08 02:55 AM
Jump to solution

Notification of expiring VPN certificate

Hi,

Just recently the expiration of VPN certificates was changed from 5-6 years down to 1 year to comply with a RFC.

This is good but can be a bit tricky since also Identity Awareness use this certificate, possibly also more services.

So for example if you use Identity Awareness but not VPN blade then you must temporarily enable VPN blade, check and/or renew certificate so it is valid for another year.

Is it possible to get an notification if before the certificate expires ?

I saw a previous discussion here on Check Mates, but that was when VPN blade is enabled.

Would be very useful if for example the cluster object got a warning sign a week or two before it happens.

 

 

0 Kudos
1 Solution

Accepted Solutions
matangi
Employee
Employee
‎2023-03-08 04:54 AM
Jump to solution

Hi @svori 

In R81.20, New alert was added for that matter.

The Management Server begins to show 'warning' status starting 60 days before the certificate expiration date.

For more details, see sk178304 - SmartConsole shows a warning or error icon near the Security Gateway / Cluster object abo....

Thanks,
Matan

View solution in original post

5 Replies
the_rock
Legend
Legend
‎2023-03-08 03:40 AM
Jump to solution

As far as I know, you would get warning when pushing the policy about it 1 month before cert is to expire.

0 Kudos
Danny
Champion Champion
Champion
‎2023-03-08 03:40 AM
Jump to solution

That's perfectly possible. Just script a scheduled event on your SMS that checks the postgres monitoring database and generates an email alert whenever a warning is detected.

Example for R81.20: psql_client monitoring postgres -c "select * from statuses_view"

0 Kudos
matangi
Employee
Employee
‎2023-03-08 04:54 AM
Jump to solution

Hi @svori 

In R81.20, New alert was added for that matter.

The Management Server begins to show 'warning' status starting 60 days before the certificate expiration date.

For more details, see sk178304 - SmartConsole shows a warning or error icon near the Security Gateway / Cluster object abo....

Thanks,
Matan

the_rock
Legend
Legend
‎2023-03-08 05:28 AM
In response to matangi
Jump to solution

Thats EXCELLENT change @matangi 

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-03-08 06:07 AM
In response to matangi
Jump to solution

Also, wanted to say, its GREAT to see now in web UI when you try download jumbo hotfix, if cpuse agent is not the latest version, pop-up window comes up asking to upgrade it.

AWESOME 👍👍👌👌

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top