aMatthew
Participant

Problem with SSL certificate - Quantum Spark 1590

Good evening, everyone,

I hope someone can help me with this issue:

A few weeks ago we updated the SSL certificate for both the gateway portal and the VPN client.

Currently the portal is exposed on port 4434 while 443 is used for VPN RA.

When I access the portal on port 4434 the certificate is displayed correctly and the expiration date is correct.

However, if I check on port 443 it tells me that the certificate has expired, showing me the date of the last certificate.

We cleared all the cache and there is no trace of the old certificate.

We have opened a case at TAC and it tells us that all the operations were done correctly.

However, any site that checks the certificate (SSL Shopper or Qualys) tells us that the certificate has expired.

It is the Quantum Spark 1590 series.

Has anyone ever encountered such an issue?

Has the gateway already been rebooted/updated and any other tests with TAC

Thank you all.

 

0 Kudos
3 Replies
Lesley
Advisor

I don't think it is possible as listed in: https://support.checkpoint.com/results/sk/sk110533

  • The Quantum Spark Appliance always presents its internal VPN certificate when it tries to establish a connection between the client endpoint and the site. The client host does not have this certificate installed.
  • The VPN site certificate changed.

Solution

This is expected behavior.

Locally Managed Quantum Spark (SMB) appliances do not support internal certificate administration. These appliances always present their own VPN certificate, even if there are other certificates installed on the appliances.

Note - You can verify the internal certificate in the appliance WebUI: Device > Certificates (Internal Certificate). This page shows two certificates: Internal CA Certificate and Internal VPN Certificate. 

 

They speak of locally managed gateways; what about this gateway?

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
aMatthew
Participant

Hi Lesley,

I don't know if I explained myself well, so I'll try to clarify:

Until a few weeks ago we had a third-party certificate that worked for both the web portal (port 4434) and the RA VPN (port 443).
Since we renewed the certificate, if we connect to example.com:4434 the expiration date is correct. If we connect to https://example.com it keeps giving us the old expiration date.

0 Kudos
Lesley
Advisor

So is it central or local management? What steps or guide have you followed?

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
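
A way to confirm from a client which certificate each port actually serves, as an added example that is not part of the original thread: it captures the leaf certificate on every port, compares SHA-256 fingerprints, and records why a verifying client rejects it. The function names and the script name are assumptions made for this example.

```python
import hashlib
import socket
import ssl
import sys


def fetch_leaf(host, port, timeout=5.0):
    """Return (sha256 hex of the leaf certificate, verification error or None)."""
    # Handshake 1: verification off, only to capture whatever certificate is
    # presented (an expired one would otherwise abort the handshake).
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    # Handshake 2: default verification, to learn why a client would reject it.
    error = None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
                pass
    except ssl.SSLCertVerificationError as exc:
        error = exc.verify_message
    return hashlib.sha256(der).hexdigest(), error


def diagnose(results):
    """results maps port -> (fingerprint, error); returns a list of findings."""
    findings = []
    if len({fp for fp, _ in results.values()}) > 1:
        findings.append("ports serve different certificates")
    for port, (_, error) in sorted(results.items()):
        if error:
            findings.append(f"port {port}: {error}")
    return findings


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: python certports.py HOST PORT [PORT ...]")
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    results = {p: fetch_leaf(host, p) for p in ports}
    for port, (fp, _) in sorted(results.items()):
        print(f"{host}:{port} sha256={fp}")
    for finding in diagnose(results):
        print("finding:", finding)
```

If the fingerprints differ between 443 and 4434, the two listeners are bound to different certificates, which matches the behaviour sk110533 describes for the VPN listener.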
