This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
An_Ly
Explorer
‎2018-06-01 08:12 AM
Jump to solution

UserCheck portal certificate problem when FW's IP address is changed

Hi,

I have a VSX HA R80.10 clustered environment.  There is a VS firewall with App & URL filtering and UserCheck portal turned on also.  

The issue I have is when I changed the firewall external interface to another IP address the UserCheck portal certificate is not recreated.  Therefore it still has the old IP address which cause a SSL certificate error.  I have engaged Checkpoint support but without a solution so far.

Does anyone knows how to regenerate the UserCheck portal certificate?

Note: I attached two screenshots.  Capture1 shows the usercheck IP of 192.168.39.11 and Capture2 shows the usercercheck certificate's SAN IP of 192.168.39.20

Preview file
16 KB
Preview file
33 KB
1 Solution

Accepted Solutions
Kurtis_Johnson
Employee
Employee
‎2022-11-29 11:17 AM
Jump to solution

Answering because I ran into this today...

Easy button - renew the VPN certificate on the gateway/cluster in question.  Correct the IP address and add a FQDN to future proof it from IP changes.  

View solution in original post

Preview file
22 KB
Preview file
13 KB
0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2018-06-01 09:56 AM
Jump to solution

You can generate a certificate as desired and import it, as shown here:

0 Kudos
An_Ly
Explorer
‎2018-06-01 10:31 AM
In response to PhoneBoy
Jump to solution

Dameon,

As it indicates the portal certificate is auto-generated somehow by the smart center behind the scene. I would like the certificate generated again by the smart center after the IP address has changed.  That's what I'm looking for.

I understand the other way around is to get a trusted CA but not everyone can do and that still doesn't correct the bug that a new certificate is not auto-generated when the IP changes.

PhoneBoy
Admin
Admin
‎2018-06-01 11:24 AM
In response to An_Ly
Jump to solution

You don't necessarily have to use a trusted CA for this, you can execute the commands in, e.g. openssl.

But agree there should be a more obvious way to do this.

0 Kudos
Nikhil_Deshmukh
Contributor
‎2018-09-09 11:51 AM
Jump to solution

Hi An Ly,

Hope this solves your query.

 How to generate new certificate for gateway/cluster

Thanks Smiley Happy

0 Kudos
Kurtis_Johnson
Employee
Employee
‎2022-11-29 11:17 AM
Jump to solution

Answering because I ran into this today...

Easy button - renew the VPN certificate on the gateway/cluster in question.  Correct the IP address and add a FQDN to future proof it from IP changes.  

Preview file
22 KB
Preview file
13 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events