This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AVG132
Explorer
‎2023-03-23 04:52 AM
Jump to solution

How to Renew Certificate on Security Gateway.

Hi All , 

We are having a Security gateway whose certificate is about to expire in 15 days .It was issued by Security Management Server 5 years back. 1.What is a procedure to update this certificate .We are not planning to use external/internal separate CA for this .

2.Is there any impact if this certificate gets expired ?

3.Is there any SK article for this ?

0 Kudos
3 Solutions

Accepted Solutions
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2023-03-23 07:38 AM
Jump to solution

An expired certificate will mean VPN will fail.

Edit the Security Gateway object.

 

2023-03-23 16_32_04-Check Point Gateway - Corporate-GW.png

View solution in original post

girisht
Employee
Employee
‎2023-03-24 03:13 AM
In response to AVG132
Jump to solution

Hi there,

Renewing the IPSEC repository certificate will only impact the RA VPN and S2S VPN if the certificate is being used. So it would be advised to perform in lean hours. Once the certificate is renewed just push the policy.
Moreover, it doesn't require any changes on the MGMT server side and it will not renew automatically. An admin has to renew the certificate whenever it expires. 
Additional info: sk176527

 

View solution in original post

the_rock
MVP Platinum
MVP Platinum
‎2023-03-24 03:18 AM
Jump to solution

Just do what @girisht and @Tal_Paz-Fridman said. Btw, its totally safe to even do this in production hours, I had done it at least 20 times and never an issie. Now, to be safe, maybe better off hours, but you will be fine either way.

Also, dont forget to install policy afterwards.

Andy

Best,
Andy

View solution in original post

0 Kudos
(1)
6 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2023-03-23 07:38 AM
Jump to solution

An expired certificate will mean VPN will fail.

Edit the Security Gateway object.

 

2023-03-23 16_32_04-Check Point Gateway - Corporate-GW.png

AVG132
Explorer
‎2023-03-23 07:45 AM
In response to Tal_Paz-Fridman
Jump to solution

Thanks for reply . Is there any config changes required to be done at Security Management Server end as well ?  What are next steps after clicking on Renew /will it renew automatically after this ?

0 Kudos
girisht
Employee
Employee
‎2023-03-24 03:13 AM
In response to AVG132
Jump to solution

Hi there,

Renewing the IPSEC repository certificate will only impact the RA VPN and S2S VPN if the certificate is being used. So it would be advised to perform in lean hours. Once the certificate is renewed just push the policy.
Moreover, it doesn't require any changes on the MGMT server side and it will not renew automatically. An admin has to renew the certificate whenever it expires. 
Additional info: sk176527

 

anand87
Explorer
‎2025-06-16 02:30 AM
In response to girisht
Jump to solution

thanks for the SK 

Can we renew certificate in every 6 months instead of yearly

 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-06-16 11:14 AM
In response to anand87
Jump to solution

You can manually "renew" and set the expiration for 6 months by modifying and executing the script here, which by default renews it for a year: https://support.checkpoint.com/results/sk/sk182070 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-03-24 03:18 AM
Jump to solution

Just do what @girisht and @Tal_Paz-Fridman said. Btw, its totally safe to even do this in production hours, I had done it at least 20 times and never an issie. Now, to be safe, maybe better off hours, but you will be fine either way.

Also, dont forget to install policy afterwards.

Andy

Best,
Andy
0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events