- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
.png "Wolfgang"){kind=avatar}
Wolfgang
Dear Checkmates,
we had a problem with the CRL distribution path after migration of a SMS.
We moved SMS from old one to a new machine and changed the hostname and IP-address.
This process was successful, but now we got some problems with VPN between gateways.
The root cause of the VPN problems is a false path in the CRL distribution list point address.Looking in the details of the certificates, there is defined the old path "URL=http://old-SMS.domainname.com:18264/ICA_CRL0.crl"
Every certificate for gateways will be issued with this path, pointing to the name of the old SMS.
Is there a way to change this path without recreating the internal_CA?
As a workaround we added the DNS name for the old SMS to the gateways hosts file and everything is fine, but we want to solve it basically.
Thanks
Wolfgang
PhoneBoy
Pretty sure the only way to change the CRL address is to regenerate the ICA.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY