Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AVG132
Explorer
Jump to solution

How to Renew Certificate on Security Gateway.

Hi All , 

We are having a Security gateway whose certificate is about to expire in 15 days .It was issued by Security Management Server 5 years back. 1.What is a procedure to update this certificate .We are not planning to use external/internal separate CA for this .

2.Is there any impact if this certificate gets expired ?

3.Is there any SK article for this ?

0 Kudos
3 Solutions

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

An expired certificate will mean VPN will fail.

Edit the Security Gateway object.

 

2023-03-23 16_32_04-Check Point Gateway - Corporate-GW.png

View solution in original post

girisht
Employee
Employee

Hi there,

Renewing the IPSEC repository certificate will only impact the RA VPN and S2S VPN if the certificate is being used. So it would be advised to perform in lean hours. Once the certificate is renewed just push the policy.
Moreover, it doesn't require any changes on the MGMT server side and it will not renew automatically. An admin has to renew the certificate whenever it expires. 
Additional info: sk176527

 

View solution in original post

the_rock
Legend
Legend

Just do what @girisht and @Tal_Paz-Fridman said. Btw, its totally safe to even do this in production hours, I had done it at least 20 times and never an issie. Now, to be safe, maybe better off hours, but you will be fine either way.

Also, dont forget to install policy afterwards.

Andy

View solution in original post

0 Kudos
(1)
4 Replies
Tal_Paz-Fridman
Employee
Employee

An expired certificate will mean VPN will fail.

Edit the Security Gateway object.

 

2023-03-23 16_32_04-Check Point Gateway - Corporate-GW.png

AVG132
Explorer

Thanks for reply . Is there any config changes required to be done at Security Management Server end as well ?  What are next steps after clicking on Renew /will it renew automatically after this ?

0 Kudos
girisht
Employee
Employee

Hi there,

Renewing the IPSEC repository certificate will only impact the RA VPN and S2S VPN if the certificate is being used. So it would be advised to perform in lean hours. Once the certificate is renewed just push the policy.
Moreover, it doesn't require any changes on the MGMT server side and it will not renew automatically. An admin has to renew the certificate whenever it expires. 
Additional info: sk176527

 

the_rock
Legend
Legend

Just do what @girisht and @Tal_Paz-Fridman said. Btw, its totally safe to even do this in production hours, I had done it at least 20 times and never an issie. Now, to be safe, maybe better off hours, but you will be fine either way.

Also, dont forget to install policy afterwards.

Andy

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events