This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wayne_Hammond
Collaborator
‎2025-01-02 03:44 AM
Jump to solution

Cant renew expiring certificate

Screenshot 2025-01-02 114202.png

Hi,

My VPN certificate on R81.20 Gateway expires soon and I went through the usual process of deleting the existing and creating a new one, however today I got hit with this message

 

I have not seen this before and cant find anyway round it. Found a similar post about using GuiDBedit, but that didnt work.

 

Any help greatly appreciated

Happy New Year

Wayne

0 Kudos
4 Solutions

Accepted Solutions
AkosBakos
Mentor Mentor
Mentor
‎2025-01-02 05:26 AM
In response to Wayne_Hammond
Jump to solution

Maybe it is time to open a TAC case.

----------------
\m/_(>_<)_\m/

View solution in original post

0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-15 03:51 AM
In response to Wayne_Hammond
Jump to solution

Fixed it.

First took snapshot of SM VM (in case I bust it)

Used GuiDBedit and found entry for VPN refence in the FW object

Deleted it

Saved changes

Said a prayer

Opened Smart Console

VPN reference gone

Pushed policy for good measure

Still gone

Case closed

Thanks for all your help guys !!

View solution in original post

PhoneBoy
Admin
Admin
‎2025-01-24 03:08 PM
In response to Wayne_Hammond
Jump to solution

Depending on the JHF level, you might need to reboot for the change to take effect as I believe this is a known issue.

View solution in original post

0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-25 02:16 AM
In response to PhoneBoy
Jump to solution

I tried a CPSTOP and CPSTART and that did the trick.

 

Thanks 

View solution in original post

0 Kudos
27 Replies
Lesley
Mentor Mentor
Mentor
‎2025-01-02 04:24 AM
Jump to solution

I never delete and always use renew, have you tried that?

So instead of delete either add or renew?

You try it now to renew it under IPSec VPN correct? 

-------
If you like this post please give a thumbs up(kudo)! 🙂
Wayne_Hammond
Collaborator
‎2025-01-02 04:26 AM
In response to Lesley
Jump to solution

Hi Lesley,

The renew option has never been available for certs generated by external CA (i assumed this was the case)

I cannot renew and if i try ADD i cant use the same CN details

 

Cheers

Wayne

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2025-01-02 04:30 AM
In response to Wayne_Hammond
Jump to solution

Ah not self-signed.

What if you create a temp self signed cert and attach that, after that try to remove the old one. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-02 04:32 AM
In response to Wayne_Hammond
Jump to solution

Hi @Wayne_Hammond 

Can you share a little bit larger screenshot? In which menu did you get this message?

Whan you changed this cert last time, this cert was used in clientless VPN too?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-02 04:42 AM
In response to AkosBakos
Jump to solution

Hi Akos,

My larger images seem to get removed. I always do this under IPSecVPN and have never configured Clientless VPN

Cheers

Wayne

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-02 04:46 AM
In response to Wayne_Hammond
Jump to solution

To clarify this, so here:

You add the new one, then can't remove the old one?

2025-01-02 13_45_35-10.211.190.100-R81.20-SmartConsole.png

----------------
\m/_(>_<)_\m/
0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-02 04:48 AM
In response to AkosBakos
Jump to solution

Correct, at the moment I have a cert installed from an EXT CA

When i try to remove (as renew greyed out), the error message appears

I have never seen this before

Thanks

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-02 05:10 AM
In response to Wayne_Hammond
Jump to solution

I had a try, I wanted to delete the cert which was issued by ICA

I got this error: 

2025-01-02 14_08_11-10.211.190.100-R81.20-SmartConsole.png

Maybe helps.

A

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
‎2025-01-02 12:43 PM
In response to AkosBakos
Jump to solution

Weird, just tried in my lab and though its part of 3 commuities, does not give that error.

Andy

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2025-01-02 04:49 AM
In response to Wayne_Hammond
Jump to solution

Make sure that if you have the temp cert active the old one is not configured in a different place.

Did you checked all the menu options in the firewall object itself? Like under VPN clients. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-02 04:55 AM
In response to Lesley
Jump to solution

Hi Lesley,

Yes, i cannot see it selected anywhere else

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2025-01-02 05:04 AM
In response to Wayne_Hammond
Jump to solution

I think we need some screenshots. Sometimes a feature is disabled and you need to enable it in order for renewal. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-02 05:16 AM
In response to Wayne_Hammond
Jump to solution

We haven't talk about the version. What is current version?

I found this sk, but it is not relevant, R80.20 is not supported, and the error message is totally different.

https://support.checkpoint.com/results/sk/sk108064

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-02 05:23 AM
In response to AkosBakos
Jump to solution

Saw that, but it did nothing

Thanks

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-02 05:26 AM
In response to Wayne_Hammond
Jump to solution

Maybe it is time to open a TAC case.

----------------
\m/_(>_<)_\m/
0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-02 05:30 AM
In response to Wayne_Hammond
Jump to solution

Please keep us updated. 🙂

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
‎2025-01-02 12:40 PM
Jump to solution

I believe what its telling you to do is remove any references of that certificate currently, install policy and then delete option would work.

Andy

0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-05 11:09 PM
In response to the_rock
Jump to solution

yes, I am pretty sure all refences have been removed.

Waiting for TAC

Cheers all !!

0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-15 03:51 AM
In response to Wayne_Hammond
Jump to solution

Fixed it.

First took snapshot of SM VM (in case I bust it)

Used GuiDBedit and found entry for VPN refence in the FW object

Deleted it

Saved changes

Said a prayer

Opened Smart Console

VPN reference gone

Pushed policy for good measure

Still gone

Case closed

Thanks for all your help guys !!

AkosBakos
Mentor Mentor
Mentor
‎2025-01-15 04:03 AM
In response to Wayne_Hammond
Jump to solution

Thanks to share with us!

----------------
\m/_(>_<)_\m/
0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-24 01:35 AM
In response to AkosBakos
Jump to solution

Hi Guys, 

I seem to have now developed another issue, similare to post https://community.checkpoint.com/t5/Remote-Access-VPN/Remove-Access-VPN-Gateway-presenting-wrong-cer...

With the faulty Ext CA gone, I got a new one and it all installed ok, however when I inspect the SSL cert the FW presents the default one and not the Ext CA.

 

Very weird 

vpn1.png

fw-default.png

 Any ideas?

 

Thanks

Wayne

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-24 03:08 PM
In response to Wayne_Hammond
Jump to solution

Depending on the JHF level, you might need to reboot for the change to take effect as I believe this is a known issue.

0 Kudos
Wayne_Hammond
Collaborator
‎2025-01-25 02:16 AM
In response to PhoneBoy
Jump to solution

I tried a CPSTOP and CPSTART and that did the trick.

 

Thanks 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-27 10:25 AM
In response to Wayne_Hammond
Jump to solution

That should work also.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top