Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Prime
Contributor

Not able to renew our VPN IPSEC certificate in Management Server

 I’m attaching screenshot for reference:-

->      Endpoint Shows Error

->       VPN Certificate Expiration

->       Error While we renew Certificate

 

Endpoint Client.jpgCertification View.JPGError while renew Certificate.JPG

0 Kudos
3 Replies
_Val_
Admin
Admin

You probably cannot renew your GW certificate because the CA certificate is expired. Check if it is the case, before anything else. If it is out of date, use sk158096 to renew it, then continue with the GW

0 Kudos
the_rock
Legend
Legend

This is procedure TAC gave me 2 years ago when client had similar issue. I STRONGLY recommend you do all your backups before doing this, just to be on the safe side...but it did work.

Engineer never told us if this was from an official sk or internal, so I really cant tell you, sorry.

Procedure:

1. Open Guidbedit to network_objects -> Gateway_Object -> VPN -> isakmp.authmethods
 - Change "signatures" to "pre-shared".
 - Save and exit Guidbedit.

2. Open Guidbedit to network_objects -> Gateway_Object -> find certificates section
 - Find defaultCert then right click and delete the cert, and save changes and close 

3. Check to see if default cert is gone in SmartConsole - gateway object - IPsec VPN
 - Create a new cert
 - Install policy

4. Open Guidbedit to network_objects -> Gateway_Object -> VPN -> isakmp.authmethods
 - Change "pre-shared" to "signatures"
 - Save and exit Guidbedit.
 - Install policy

5. Test VPN connection

0 Kudos
CheckPointerXL
Advisor
Advisor

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events