An_Ly
Explorer

UserCheck portal certificate problem when FW's IP address is changed

Hi,

I have a VSX HA R80.10 clustered environment.  There is a VS firewall with App & URL filtering and UserCheck portal turned on also.  

The issue I have is that when I changed the firewall external interface to another IP address, the UserCheck portal certificate was not recreated.  Therefore it still has the old IP address, which causes an SSL certificate error.  I have engaged Checkpoint support but without a solution so far.

Does anyone know how to regenerate the UserCheck portal certificate?

Note: I attached two screenshots.  Capture1 shows the UserCheck IP of 192.168.39.11 and Capture2 shows the UserCheck certificate's SAN IP of 192.168.39.20

1 Solution

Accepted Solutions
Kurtis_Johnson
Employee

Answering because I ran into this today...

Easy button - renew the VPN certificate on the gateway/cluster in question.  Correct the IP address and add a FQDN to future-proof it from IP changes.


0 Kudos
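
The mismatch described in the question, and the result of the renewal suggested in the accepted answer, can be checked with openssl. This is an added example, not part of the original thread or Check Point tooling: the certificates are throwaway self-signed ones constructed locally, and the FQDN `usercheck.example.test` and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: confirm a portal certificate's SAN covers
# the address clients actually connect to. Test certs are constructed locally.

# make_cert <out.pem> <SAN list>: throwaway self-signed cert (constructed sample input).
make_cert() {
  local dir; dir=$(mktemp -d)
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = usercheck-test
[ext]
subjectAltName = $2
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
    -keyout "$dir/key.pem" -out "$1" 2>/dev/null
  rm -rf "$dir"
}

# san_covers_ip <cert.pem> <ip>: exit 0 only if the IP is listed in the SAN.
san_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match certificate"
}

# san_covers_host <cert.pem> <fqdn>: exit 0 only if the name matches the certificate.
san_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

demo() {
  local d; d=$(mktemp -d)
  # Stale cert as in Capture2 (SAN 192.168.39.20) vs. the portal IP from Capture1.
  make_cert "$d/stale.pem" "IP:192.168.39.20"
  # Renewed cert: corrected IP plus a hypothetical FQDN.
  make_cert "$d/renewed.pem" "IP:192.168.39.11,DNS:usercheck.example.test"
  for c in stale renewed; do
    san_covers_ip "$d/$c.pem" 192.168.39.11 && echo "$c: IP ok" || echo "$c: IP MISMATCH"
    san_covers_host "$d/$c.pem" usercheck.example.test && echo "$c: FQDN ok" || echo "$c: FQDN missing"
  done
  rm -rf "$d"
}
demo
```

Against a real gateway, the two check functions would be pointed at a PEM copy of the certificate the portal actually serves.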
5 Replies
PhoneBoy
Admin

You can generate a certificate as desired and import it, as shown here:

0 Kudos
An_Ly
Explorer

Dameon,

As it indicates, the portal certificate is auto-generated somehow by the smart center behind the scenes. I would like the certificate generated again by the smart center after the IP address has changed.  That's what I'm looking for.

I understand the other way around is to get a trusted CA, but not everyone can do that, and that still doesn't correct the bug that a new certificate is not auto-generated when the IP changes.

PhoneBoy
Admin

You don't necessarily have to use a trusted CA for this, you can execute the commands in, e.g. openssl.

But agree there should be a more obvious way to do this.

0 Kudos
Nikhil_Deshmukh
Contributor

Hi An Ly,

Hope this solves your query.

How to generate new certificate for gateway/cluster

Thanks

0 Kudos