jennyado
Collaborator

Revoking duplicate SMS SIC certificates (cp_mgmt)

Hi,

While reviewing the SIC certificates on my SMS (cp_mgmt), I noticed there are multiple duplicates. Currently I can see 4 certificates:

  • CN=cp_mgmt (3 times)

  • CN=cp_mgmt_mysms

My goal is to clean this up and leave only one certificate with CN=cp_mgmt.

The doubt I have is:
👉 If I revoke these certificates and then create a new one (with CN cp_mgmt), will this impact Site-to-Site VPNs, SIC communication with existing gateways registered in SmartConsole, or any other component that depends on this certificate?

Specifically, I’d like to understand how this SMS SIC certificate interacts with other firewalls/gateways, and whether it is associated with anything else that could be affected by revocation.

These are the steps I plan to follow:

------------------------------------------------------------------------------------------

# Validate current certificates, should show 4:
cpca_client lscert -kind SIC -stat Valid | grep -iE "CN=cp_mgmt*"

# Backup of sic_cert:
cp $CPDIR/conf/sic_cert.p12{,_BACKUP}

# Revoke certificates with CN "CN=cp_mgmt":
cpca_client revoke_cert -n "CN=cp_mgmt"

# Revoke current certificate with CN "CN=cp_mgmt_mysms":
cpca_client revoke_cert -n "CN=cp_mgmt_mysms"

# Create new certificate with CN "CN=cp_mgmt":
cpca_client create_cert -n "CN=cp_mgmt" -f $CPDIR/conf/sic_cert.p12

# Restart services:
cprestart

# Validate CPM process:
watch -d api status

---------------------------------------------------------------------------------

Has anyone gone through this process before? Does revoking/recreating the SMS SIC certificate have any risk on gateway communication or S2S VPNs?

Any insights or recommendations would be highly appreciated 🙌

Thanks in advance!
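
An added example, not part of the original post: the validation listing from the first step can be grouped by exact CN before anything is revoked, since the pattern "CN=cp_mgmt*" matches CN=cp_mgmt_mysms as well as CN=cp_mgmt. The listing layout, the sample data and the function names sic_inventory and count_exact_cn are assumptions made for this example, not Check Point output or tooling.

```shell
#!/bin/sh
# Added example, not from the original post.
# ASSUMPTION: each certificate is listed as a "Subject = CN=...,O=..." line
# followed by a "Status = ...   Kind = ...   Serial = ..." line.

# Constructed sample listing (serials and O= values are made up).
sample_lscert() {
cat <<'EOF'
Subject = CN=cp_mgmt,O=mysms.example.aaaaaa
Status = Valid   Kind = SIC   Serial = 10001   DP = 0
Subject = CN=cp_mgmt,O=mysms.example.aaaaaa
Status = Valid   Kind = SIC   Serial = 10002   DP = 0
Subject = CN=cp_mgmt,O=mysms.example.aaaaaa
Status = Valid   Kind = SIC   Serial = 10003   DP = 0
Subject = CN=cp_mgmt_mysms,O=mysms.example.aaaaaa
Status = Valid   Kind = SIC   Serial = 10004   DP = 0
Subject = CN=cp_mgmt,O=mysms.example.aaaaaa
Status = Revoked   Kind = SIC   Serial = 10000   DP = 0
Subject = CN=gw-branch1,O=mysms.example.aaaaaa
Status = Valid   Kind = SIC   Serial = 10005   DP = 0
EOF
}

# stdin: lscert listing. stdout: "<count> <CN> <serial,serial,...>" per exact CN,
# counting only certificates that are Valid and of kind SIC.
sic_inventory() {
  awk '
    /^Subject = CN=/ { cn = $0; sub(/^Subject = CN=/, "", cn); sub(/,.*/, "", cn); next }
    /^Status = Valid/ && /Kind = SIC/ {
      serial = "?"
      for (i = 1; i + 2 <= NF; i++)
        if ($i == "Serial" && $(i + 1) == "=") serial = $(i + 2)
      count[cn]++
      serials[cn] = (serials[cn] == "") ? serial : serials[cn] "," serial
    }
    END { for (c in count) print count[c], c, serials[c] }
  ' | sort -k2
}

# Number of valid SIC certificates whose CN equals $1 exactly (no prefix match).
count_exact_cn() {
  sic_inventory | awk -v want="$1" '$2 == want { n = $1 } END { print n + 0 }'
}

# Stand-alone run: show the inventory for the constructed listing.
sample_lscert | sic_inventory
```

On a real system the same functions would read the output of the listing command from the first step instead of sample_lscert, provided the output matches the assumed layout.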

 
