Migration to SHA256 for internal CA

Question asked by Ryan St. Germain on Dec 8, 2018
Latest reply on Dec 9, 2018 by Dameon Welch-Abernathy

Hey guys. Just need a sanity check. Running R77.30 and our VPN certificate is showing as using SHA1. I am looking at the "SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA)" article.


It mentions resetting SIC. Am I correct in assuming this is only if we wanted to re-generate the SIC certificate using SHA256? If we just simply wanted to re-generate the cert used for VPN, this is not needed? So for instance, all I would need to do is the following if I just wanted a SHA256 cert for VPN:


1. Run cpca_client set_sign_hash sha256 on the mgmt box

2. Re-generate VPN certificate under each gateway

3. Install policy
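
A way to confirm which hash a re-generated certificate was actually signed with, as an added example that is not part of the original post and not Check Point tooling. It assumes the certificate has been exported in DER form; the function names are hypothetical, and the sample bytes are a constructed skeleton rather than a real certificate.

```python
# Added example: name the signature algorithm of a DER-encoded X.509 certificate.
import sys

SIG_OIDS = {  # DER-encoded OID bodies -> algorithm name
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, pos, pos + length

def signature_algorithm(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }"""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (decode PEM to DER first)")
    _, _, tbs_end = read_tlv(der, start)            # skip tbsCertificate
    tag, alg_start, _ = read_tlv(der, tbs_end)      # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("signatureAlgorithm not found")
    oid = bytes(der[oid_start:oid_end])
    return SIG_OIDS.get(oid, "unknown OID " + oid.hex())

def _tlv(tag, body):  # helper for the constructed sample; short lengths only
    return bytes([tag, len(body)]) + body

def constructed_cert(oid_hex):
    """Constructed skeleton (not a real certificate) carrying the given OID."""
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + _tlv(0x05, b""))
    return _tlv(0x30, _tlv(0x30, b"\x02\x01\x01") + alg + _tlv(0x03, b"\x00\xaa"))

if __name__ == "__main__" and len(sys.argv) > 1:
    print(signature_algorithm(open(sys.argv[1], "rb").read()))
```

Run it with the path to the exported DER file as the only argument; a certificate issued before the hash change reports sha1WithRSAEncryption.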