RTA
Participant

Replace SSL Cert via CLI

Hi all!

 

I'm very new here, let me introduce myself 🙂 My name is Robert, from Germany, getting a 6900 for my company and right now trying to get around with some things 🙂

 

I'm trying to replace the SSL cert (.p12) via CLI but didn't find how to ... Maybe someone can help me out here?

 

Found this, but I still get the old cert when I connect to the GW website ... After I changed the cert via SmartConsole it worked, but I want to replace it via CLI ...

 

Anyone any hints?

 

Thanks a lot!

Robert

7 Replies
_Val_
Admin

Why do you want to do that via CLI? Replace via SmartConsole and make sure you installed policy to the GW.

RTA
Participant

Because our internal certs run for a maximum of 6 months and I want to automate this process...

PhoneBoy
Admin

Unfortunately this is not something that can be done via the CLI or API at this time.

RTA
Participant

Too sad, but at least I know why I can't find it 🙂 Thanks a lot!

Robert

0 Kudos
_Val_
Admin

I am not 100% convinced @PhoneBoy's answer is accurate. @RTA please look into sk97648 and let me know if that helps. There is definitely a way to change the multi-portal cert from CLI on the local device. It just needs to be tested and fitted (if possible) to your own use case.

 

We do not have MGMT API calls for this task. That part of the statement is correct.

0 Kudos
RTA
Participant

Thx @_Val_, the problem is I have the MultiPortal feature running. I tried to exchange certs in /web/conf/ but it didn't work as I run MultiPortal ... hmmm, I can't find the path where this feature puts its certs ...

 

I was crawling through the filesystem, and could only find in /opt/CPshrd-R81/web/Apache/conf/extra/httpd-ssl.conf that the certs should be in /local_ckp/src/cpapache/ice_main/release.dynamic/CMpub//conf/linux50/release.dynamic/ but this directory doesn't exist on my GW ... Maybe this is some hidden or chroot environment?

 

Maybe someone has another idea?

 

Thanks

Robert

0 Kudos
_Val_
Admin

Got it. I suggest you raise an RFE with your local Check Point office then.

0 Kudos