Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ilirz
Participant

Smart console R 80.20 revoked certificate

Hi 

Please can someone help me to fix the problem with my managemnet .

Can not connect to management from smart console and show error "Certificate revoked".

From ssh i can access the management firewall.

How to fix this problem without impact to all security gateway.

 

In management i used this command and see that there are valid certificate for management 

cpca_client lscert -stat Valid -kind SIC

Not_Before: Mon May 15 00:06:05 2023 Not_After: Sun May 14 00:06:05 2028

Not_Before: Thu May 18 00:21:36 2023 Not_After: Wed May 17 00:21:36 2028

Not_Before: Sat May 20 00:31:35 2023 Not_After: Fri May 19 00:31:35 2028

I don't know why those certificates are created 

[Expert@CPMNG01:0]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current 32G 15G 16G 48% /
/dev/sda1 289M 114M 161M 42% /boot
tmpfs 7.8G 4.0K 7.8G 1% /dev/shm
/dev/mapper/vg_splat-lv_log 775G 614G 122G 84% /var/log

 

[Expert@CPMNG01:0]# grep -i sicname HKLM_registry.data
:MySICname ("cn=cp_mgmt,o=CP_MNG01..nvjpin")
[Expert@CPMNG01:0]#

 

 

0 Kudos
2 Replies
Tal_Paz-Fridman
Employee
Employee

I suggest going over the following SKs:

 

sk113744 - "Certificate revoked" or "Certificate Expired" error when trying to login to SmartConsole

https://support.checkpoint.com/results/sk/sk113744

 

sk169553 - Login to SmartConsole sometimes fails with the "certificate revoked" message, and policy installation in SmartConsole fails with "Error - SIC error 147"

https://support.checkpoint.com/results/sk/sk169553

 

If the SKs do not help I can try consulting relevant R&D owners.

0 Kudos
the_rock
Legend
Legend

Please follow below what @Blason_R suggested in below link

Andy

https://community.checkpoint.com/t5/Management/Certificate-Revoked-error-on-smartconsole/m-p/181761#...

 

cpca_client lscert -stat Valid
cpca_client lscert -stat Valid -kind SIC
cd $CPDIR/conf
ls -lh | grep sic
cp $CPDIR/conf/sic_cert.p12{,_BACKUP}
cpca_client revoke_cert -n "CN=cp_mgmt"
cpca_client create_cert -n "CN=cp_mgmt" -f $CPDIR/conf/sic_cert.p12

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events