- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: Certificate revoked on R80.30 when logon with ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Certificate revoked on R80.30 when logon with SmartConsole
I got suddenly a certificate revoked message out of nothing when I try to logon via SmartConsole R80.30. Special is, from another PC it still works? And it also worked yesterday morning, in the afternoon, dead!
I have seen sk113744 and sk20905, but I am not sure if this destroys all at once
So I had the idea that I can delete the SmartConsole client to reenforce the fingerprint challenge to see if it works than, but I have no chance to remove SmartConsole completely that I get challanged again.
Anyone any ideas what I could try, or at least see in detail what certificate maybe revoked?
Thanks, Oliver
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you try installing SmartDashboard Build 94 yet ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, tried but did not help
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think that sk113744 and sk20905 do not apply as another PC succeeds - did you check your time settings that should be in sync with the SMS ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
They are both in SYNC and uptodate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I thought so - and would not trigger that error... So either backup and try sk20905, or involve TAC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What I see in the $CPDIR/conf directory is very strange, obviously there was something autogenerated on the 1.12.2020. The date/time suites the problem
-rw-rw-r-- 1 admin root 3439 Dec 1 13:36 new_sic_cert.p12
-rw-rw-r-- 1 admin root 2583 Aug 27 2019 old_sic_cert.p12
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sk110885 and sk169553 deal with these - looks as if sic_cert.p12 is corrupt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I guess sk110885 also applies for standalone installation?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also sk20905, yes. Both have the same procedure and syntax, by the way 😎. But you currently have the old, the new and the current sic_cert.p12 . So you could try cpstop / backup sic_cert.p12 and rename old one to sic_cert.p12 / cpstart...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tried this, but it did not help. I unloaded policy, as I could not connect, than I saw the message "Check Point Security Management Server is during initialization". Instead of the REVOKED message, I now get that the management is not available anymore. I tried to reconfigure the SIC in cpconfig, made it, did not brings anything. I tried the "fwm sic_reset" did not work, ended with a "failed", so no idea anymore what to do?