Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Obiwan1968
Participant

Certificate revoked on R80.30 when logon with SmartConsole

I got suddenly a certificate revoked message out of nothing when I try to logon via SmartConsole R80.30. Special is, from another PC it still works? And it also worked yesterday morning, in the afternoon, dead!

I have seen sk113744 and sk20905, but I am not sure if this destroys all at once

So I had the idea that I can delete the SmartConsole client to reenforce the fingerprint challenge to see if it works than, but I have no chance to remove SmartConsole completely that I get challanged again.

Anyone any ideas what I could try, or at least see in detail what certificate maybe revoked?

Thanks, Oliver

0 Kudos
10 Replies
G_W_Albrecht
Champion
Champion

Did you try installing SmartDashboard Build 94 yet ?

0 Kudos
Obiwan1968
Participant

Yes, tried but did not help

0 Kudos
G_W_Albrecht
Champion
Champion

I think that sk113744 and sk20905 do not apply as another PC succeeds - did you check your time settings that should be in sync with the SMS ?

0 Kudos
Obiwan1968
Participant

They are both in SYNC and uptodate

0 Kudos
G_W_Albrecht
Champion
Champion

I thought so - and would not trigger that error... So either backup and try sk20905, or involve TAC.

0 Kudos
Obiwan1968
Participant

What I see in the $CPDIR/conf directory is very strange, obviously there was something autogenerated on the 1.12.2020. The date/time suites the problem

-rw-rw-r-- 1 admin root 3439 Dec 1 13:36 new_sic_cert.p12
-rw-rw-r-- 1 admin root 2583 Aug 27 2019 old_sic_cert.p12

0 Kudos
G_W_Albrecht
Champion
Champion

sk110885 and sk169553 deal with these - looks as if sic_cert.p12 is corrupt

0 Kudos
Obiwan1968
Participant

I guess sk110885 also applies for standalone installation?

0 Kudos
G_W_Albrecht
Champion
Champion

Also sk20905, yes. Both have the same procedure and syntax, by the way 😎. But you currently have the old, the new and the current sic_cert.p12 . So you could try cpstop / backup sic_cert.p12 and rename old one to sic_cert.p12 / cpstart...

0 Kudos
Obiwan1968
Participant

Tried this, but it did not help. I unloaded policy, as I could not connect, than I saw the message "Check Point Security Management Server is during initialization". Instead of the REVOKED message, I now get that the management is not available anymore. I tried to reconfigure the SIC in cpconfig, made it, did not brings anything. I tried the "fwm sic_reset" did not work, ended with a "failed", so no idea anymore what to do?

0 Kudos