This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RTA
Participant
‎2020-12-01 04:07 AM

Replace SSL Cert via CLI

Hi all!

 

i'm verry new here, let me introduce 🙂 My Name is Robert, from Germany, getting a 6900 for my Company and right now trying to get around with some things 🙂

 

I try to replace the SSL Cert (.p12) via CLI but didn't find how to ... Maybe someone can help me out here?

 

found this, but still get the old cert when i connect to the GW website ... after i changed the Cert via SmartConsole it worked, but i wan't to replace it via CLI ..

 

Anyone any hints?

 

Thanks a lot!

Robert

ssl_cert.PNG
Preview file
32 KB
7 Replies
_Val_
Admin
Admin
‎2020-12-01 04:45 AM

Why do you want to do that via CLI? Replace via SmartConsole and make sure you did install policy to the GW

RTA
Participant
‎2020-12-01 04:48 AM
In response to _Val_

Because our internal Certs running maximum 6Month and i wan't to automate this process...

PhoneBoy
Admin
Admin
‎2020-12-02 06:16 PM

Unfortunately this is not something that can be done via the CLI or API at this time.

RTA
Participant
‎2020-12-02 10:14 PM
In response to PhoneBoy

To sad, but at least i know why i can't find it 🙂 thatnks a lot!

Robert

0 Kudos
_Val_
Admin
Admin
‎2020-12-03 01:50 AM
In response to RTA

I am not 100% convinced @PhoneBoy's answer is accurate. @RTA please look into sk97648 and let me know if that helps. There is definitely a way to change multi-portal cert from CLI on the local device. It is just need to be tested and fitted (if possible) to your own use case.

 

We do not have MGMT API calls for this task. That part of statement is correct.

0 Kudos
RTA
Participant
‎2020-12-03 02:09 AM
In response to _Val_

Thx @_Val_ , problem is i have MultiPortal feature running, i tried to exchange certs in /web/conf/ but didn't work as i run MultiPortal ... hmmm I don't find the Path where this feature put's it's Certs ...

 

i was crwaling through the filesytem, only coud find in /opt/CPshrd-R81/web/Apache/conf/extra/httpd-ssl.conf that the verts should be in /local_ckp/src/cpapache/ice_main/release.dynamic/CMpub//conf/linux50/release.dynamic/ but this directory doesn't exist on my GW ... maybe this is some hidden or chroot enviroment?

 

Maybe someone has another idea?

 

Thanks

Robert

0 Kudos
_Val_
Admin
Admin
‎2020-12-03 03:26 AM
In response to RTA

Got it. I suggest you raising RFE with your local Check Point office then.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    Top