- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Not able to renew our VPN IPSEC certificate in Man...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not able to renew our VPN IPSEC certificate in Management Server
I’m attaching screenshot for reference:-
-> Endpoint Shows Error
-> VPN Certificate Expiration
-> Error While we renew Certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You probably cannot renew your GW certificate because the CA certificate is expired. Check if it is the case, before anything else. If it is out of date, use sk158096 to renew it, then continue with the GW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is procedure TAC gave me 2 years ago when client had similar issue. I STRONGLY recommend you do all your backups before doing this, just to be on the safe side...but it did work.
Engineer never told us if this was from an official sk or internal, so I really cant tell you, sorry.
Procedure:
1. Open Guidbedit to network_objects -> Gateway_Object -> VPN -> isakmp.authmethods
- Change "signatures" to "pre-shared".
- Save and exit Guidbedit.
2. Open Guidbedit to network_objects -> Gateway_Object -> find certificates section
- Find defaultCert then right click and delete the cert, and save changes and close
3. Check to see if default cert is gone in SmartConsole - gateway object - IPsec VPN
- Create a new cert
- Install policy
4. Open Guidbedit to network_objects -> Gateway_Object -> VPN -> isakmp.authmethods
- Change "pre-shared" to "signatures"
- Save and exit Guidbedit.
- Install policy
5. Test VPN connection
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
