You guys are the best @PhoneBoy, @the_rock, @_Val_ ! Enabling ICA mgmt tool put me in the right path.
I followed the sk30501 for settings up access to the ICA but I couldn't access the ICA site although cpca_client set_mgmt_tool print showed that access was enabled and port 18265 was listening.
After some troubleshooting I found the solution for both problems in sk39915 in the notes section. Apparently the private key file was now longer valid or get corrupted as a result of the upgrade process. After running the next commands:
- Rename the current private key file $FWDIR/state/InternalCA_site.p12:
[Expert@HostName]# mv $FWDIR/state/InternalCA_site.p12 $FWDIR/state/InternalCA_site.p12_ORIGINAL
- Disable the ICA Management Tool:
[Expert@HostName]# cpca_client set_mgmt_tool off
- Enable the ICA Management Tool:
[Expert@HostName]# cpca_client set_mgmt_tool on
- Check if the new private key file was created:
[Expert@HostName]# ls -l $FWDIR/state/InternalCA_site.p12
I was able to access the ICA management site. I wanted to find the certificate a bit easier using the serial number and ran cpca_client another time. To my surprise the expiring certificate was replaced by a new one. Success !
I added of few more screenshots if someone else is running into this issue. What I noticed is that the internalca_site.p12 file contains different certificates than I did expect. And apparently there is now a new internal_ca certificate ( expiring in 2038 ) and it is different to the internal_ca certificate shown in smart console.
I did some tests and everything seems to work. Thus I'm hopping there not a new problem now.
Anyway, many thanks again for your help!