BigHec
Contributor

When will the Management Server distribute/renew the SIC Cert to the Firewall?

Hi Everyone!

I have a question about the SIC cert of the Management Server. What I want to know is when the Management Server will renew or distribute the new SIC cert to the Firewall.

For example, in this scenario, the previous SIC cert of the Management Server will expire on the 14th of July 2023. On the 14th of June 2023, I already renewed with the new SIC cert on the Management Server, but the Firewall still shows the previous cert with the expiry date of the 14th of July 2023.

So I am here to ask:
1) When will the new SIC cert be distributed to the Firewall from the Management Server?
2) Normally, how often will the Management Server automatically check and compare its own SIC cert with the Firewall's?

 

Thanks!

0 Kudos
3 Replies
PhoneBoy
Admin

According to the product documentation, SIC certificates are renewed automatically after 75% of the validity time of the certificate has passed. If, for example, the SIC certificate is valid for five years, then after 3.75 years a new certificate is created and downloaded automatically to the SIC entity.

In practice, this does not always happen, for example, because of: https://support.checkpoint.com/results/sk/sk164255 
You can force a SIC certificate renewal with: https://support.checkpoint.com/results/sk/sk43783 

Automatic SIC renewal is not supported on older SMB appliances: https://support.checkpoint.com/results/sk/sk158333 
In this case, you'll need to do the process manually as described in the SK.

 

0 Kudos
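The 75% rule from the reply above, as an added example that is not part of the original thread or Check Point's own tooling: it takes certificate dates in the text format printed by `openssl x509 -noout -dates`, computes the point at which automatic renewal should have happened, and flags a certificate that is still installed past that point. The sample dates are constructed: they use the 14 July 2023 expiry from the question and assume the five-year validity from the reply's example; how the certificate is exported from the gateway is not covered here.

```python
from datetime import datetime, timezone

RENEW_FRACTION = 0.75  # renewal point quoted in the reply (75% of validity)
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"  # date format used by `openssl x509 -dates`

# Constructed sample: expiry date from the question, five-year validity assumed.
SAMPLE_DATES = """\
notBefore=Jul 14 00:00:00 2018 GMT
notAfter=Jul 14 00:00:00 2023 GMT
"""


def parse_dates(text):
    """Return (not_before, not_after) as UTC datetimes from openssl -dates output."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        parsed = datetime.strptime(value.strip(), OPENSSL_FMT)
        fields[key.strip()] = parsed.replace(tzinfo=timezone.utc)
    return fields["notBefore"], fields["notAfter"]


def renewal_status(not_before, not_after, now):
    """Classify the certificate that is currently installed on the SIC entity."""
    renew_at = not_before + (not_after - not_before) * RENEW_FRACTION
    if now >= not_after:
        state = "expired"
    elif now >= renew_at:
        # Past the 75% point and the old certificate is still in place:
        # automatic renewal has not happened for this entity.
        state = "renewal-overdue"
    else:
        state = "ok"
    return {"state": state, "renew_at": renew_at, "days_left": (not_after - now).days}


def check(text, now):
    """Parse the dates and classify them relative to `now` (a UTC datetime)."""
    not_before, not_after = parse_dates(text)
    return renewal_status(not_before, not_after, now)


if __name__ == "__main__":
    # Date on which the poster looked at the firewall's certificate.
    seen = datetime(2023, 6, 14, tzinfo=timezone.utc)
    result = check(SAMPLE_DATES, seen)
    print(result["state"], result["renew_at"].isoformat(), result["days_left"])
```

A `renewal-overdue` result on a gateway is the cue to follow the forced-renewal SK linked above rather than wait for the automatic process.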
BigHec
Contributor

Another question: what if it is the ICA cert? Is the ICA cert renewal process/procedure the same as for the SIC cert you mentioned above?

 

Thanks!

0 Kudos
PhoneBoy
Admin

For the ICA itself, refer to: https://support.checkpoint.com/results/sk/sk158096 
Renewal of this is not an automatic process.
Per sk122874, the ICA is created with an expiration time of the max Unix epoch (January 2038).
In older releases (prior to R80.30), the ICA was created with an expiration time 20 years from the date of first install.
In practice, only customers who have Check Point installations dating back to the 2000s will need to do this at present.

0 Kudos
