- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
We have an existing 3rd party certificate that we need to renew. I have installed new certs using sk149253, but never renewed one.
We received new root and intermediate certs from DigiCert, but receive an error that they already exist when trying to create new server objects.
Does anyone know the exact process to renew 3rd party certs without deleting the originals?
Did you generate a CSR here or did they just give you new certificates?
That all sounds correct to me.
You might also need to double-check the VPN settings on the gateway object/community to ensure certificates from that CA are trusted.
Thanks. I'll update my post after we do the work on Wednesday.
Worked out pretty much as intended.
1) Removed the current cert from the repository which blanked the VPN clients selection. There some warning and push configuration messages.
2) Opened the trusted CA server object and used the Get button on the OPSEC PKI Tab to install and accept the new root cert.
3) Repeated step 2 for the subordinate CA.
4) Used the add button on the IPSEC page to create a new cert. You'll add a nickname and in our case it was important to pick our subordinate CA in the "CA to enroll from". First time we selected the root and we received an error telling us the cert chain was off.
5) Pushed the generate button and added our DN.
6) Another member of our team took the info and processed the cert with DigiCert.
7) Used the returned, signed cert to complete the enrollment.
😎 Switched the VPN clients to authenticate using the new cert.
9) Pushed policy for good measure.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY