Soroosh
Explorer

Reinitialize the Expired VPN Certificate

Hi everyone,

Recently I have had a problem with reinitializing the VPN certificate on SMB gateways. On cloud-managed (Infinity Portal) SMBs 1570, 1535, 1530, and so on with firmware R81.10.10 (996002945) and R81.10.15 (996003913), the VPN certificate is expired, and as it is connected to the SMP, I cannot reinitialize the internal certificate correctly. Every time I tried, I got this error: "Failed to reinitialize certificates".
The new certificate is there, but it is not healthy, and the VPN is not working.
A professional once told me that certificates on cloud-managed SMBs have to be managed only through SMP. I have done that, and the certificate is on the gateway, but not as a VPN certificate, as a cloud service provider certificate. At this point, the only way I can renew the certificate correctly is to disconnect the gateway from the SMP, renew the certificate, and reconnect it. But this shouldn't be the right way! It's not a solution, it's just a workaround!
Has anyone any solution?
Thanks in advance.

0 Kudos
3 Replies
the_rock
Legend

That seems like a pretty serious issue. I would call TAC and get a remote session going to fix it.

Andy

0 Kudos
PhoneBoy
Admin

TAC case is probably best here: https://help.checkpoint.com 

0 Kudos
Ted_Serreyn
Collaborator

I have a long-standing TAC case open on VPN certificate problems on the SMBs. It's really odd that we are still seeing issues with certificates on these (or any) devices.

In my case, installing a .p12 certificate bundle for vpn.domain.com on the device and renewing it had problems. It can be re-done (remove everything, reboot box, and re-install) but this really should NOT be required IMHO.

Of course, then when the certificate is actually installed and functioning, the VPN sometimes suddenly fails to see it and stops using the certificate for VPNs, causing them to fail.

I have had this issue on newer firmware R81.10.10, R81.10.15, and it has finally reached a threshold of 30% failures with one of my clients.

0 Kudos
