Since I often run into problems with expired IKE or SIC certificates I have written an oneliner that shows the current date and time, the expiration date of the internal Check Point CA and all valid IKE and SIC certificates with expiration date.
The oneliner must be run on the management in expert mode.
if [[ `$CPDIR/bin/cpprod_util FwIsFirewallMgmt 2>/dev/null` != *'1'* ]] || [[ `$CPDIR/bin/cpprod_util FwIsStandAlone 2>/dev/null` == *'1'* ]];then echo;printf '%.s-' {1..70};echo;echo;echo ' Not a Management!';echo;printf '%.s-' {1..70};echo;else echo;echo -n 'Current Date and Time';echo;printf '%.s-' {1..70};echo;date +"%d %b %Y %H:%M:%S %:z %Z";echo;echo;echo -n 'Check Point Internal Certificate Authority (ICA) Experation Date';echo;printf '%.s-' {1..70};echo;date --date="$(echo | cpopenssl pkcs12 -in $FWDIR/conf/InternalCA.p12 -nokeys -nomacver -passin pass: 2>/dev/null | cpopenssl x509 -noout -enddate | awk -F '=' '{print $NF}' )" +"%d %b %Y %H:%M:%S %:z %Z";echo;echo;echo -n 'Current Valid IKE & SIC Certificates signed by ICA';echo;printf '%.s-' {1..70};echo;cpca_client lscert -stat Valid | awk 'NR > 3 { print }' | awk '{ printf "%s", $0; if (NR % 4 == 0) print ""; else printf " " }' | awk '{if ($9 ~ /SIC/) print $3,$9,$12,$25,$24,$27,$26; else if ($11 ~ /IKE/) print $3,$11,$14,$27,$26,$29,$28}' | awk -F '[, ]' '{if ($3 ~ /SIC/) print $1,$3,$4,$5,$6,$7,$8; else if ($2 ~ /IKE/) print $1,$2,$3,$4,$5,$6,$7}' | sort -k6,6n -k5,5M -k4,4n -k7.1,7.7 | sed 's/CN=//' | awk '{printf "%s %s %s %02d %s %s %s\n", $1,$2,$3,$4,$5,$6,$7}' | awk 'BEGIN {print "Nr.",";Objectname",";Type",";Serial",";Not Valid After","","",""} {print NR,";"$1,";"$2,";"$3,";"$4,$5,$6,$7}'| column -t -s ";" -o " " ;echo;fi
