I want to replace my Gaia (R80.10) default certificate with my internal Windows 2012 CA (2-tier PKI).
Would you like to tell me how to do it?
mpdaemon pid of the process 5566, so yes, it is running at the moment. I guess that now you have to consult with your partner and start to put down an action plan for that request.
This should fit your needs, have fun.
How to create and set certificate for Gaia Portal
yes, I know this kb.
the question is after running the command according to
"Show / Hide instructions for Gaia Portal on Security Gateway with enabled Multiportal feature"
[Expert@HostName:0]# [ $(pidof mpdaemon) ] && ps --no-heading -o pid,ppid,cmd --ppid $(pidof mpdaemon)
the output is not an empty string... it is "5607 5565........." see the pic below
so the correct procedure:
Connect with SmartConsole to Security Management Server / Domain Management Server.
Open the Security Gateway / Cluster object.
Go to "Platform Portal" pane.
In the section "Certificate", click on "Import" and choose the certificate.
Question: if I don't request a CSR, how do I create a certificate?
You don't; the CA needs to have a CSR for signing a certificate.
I never follow the sk to be honest, so I can't help on that output, but this should be the pid of the process.
The process depends on whether you are changing the cert on the gw or on the management server. If you are changing the cert on the gw, another question arises: do you have other portals running like Mobile Access, captive portal, UserCheck, etc.?
On the gw, if you have the multi-portal daemon running you have to do it from SmartConsole. If you don't have the multi-portal daemon you have to follow the provided sk.
In order to use the certificate you have to generate a CSR. You generate the CSR from any Linux or Windows machine and send it to the CA to sign it.
Based on your description, you want to change the Gaia portal cert with your CA cert. You are mixing 2 things, the server certificate and the signing certificate, and they are different. Gaia uses a server certificate.
thanks. but I don't know if multiportal is enabled. see the pic below.
You can use the command "mpclient list" to see which portals are enabled, or you can use the command "cpwd_admin list" to see if the mpdaemon is running or not (in general, if you have other portals running like captive portals, Mobile Access, UserCheck page, any other portal not Gaia portal, then mpdaemon is running). In addition to that, if you need to install the certificate through SmartConsole you need the certificate in P12 format.
The following sk should work for any portal when the multiportal daemon is running (same steps for all portals; you can generate the CSR and the private key from any machine, it doesn't have to be the Check Point device).
How to generate Server Certificate Signing Request (CSR) and import the new 3rd Party certificate to Mobile Access Blade
Thanks. Please help me check if the mpdaemon is running or not. (though mobile access is not activated in my environment, but I would like to use it in the future)
in my environment, I have 2 GWs(CP4600, clustered) and 1 smartcenter-1 205.
How to generate certificates for them? (As the clustered GW has a virtual IP, I can access the GW via the virtual IP address.)
as I understand, each GW needs to generate a server certificate, smartcenter needs too. but what about the virtual IP ?
when generating CSR, I got the following error
below is the setting.
the IP is correct, but ...
If you already have certificate and key you only need to do the last steps:
Backup the current certificate file "server.crt" and certificate key file "server.key" in the "/web/conf/" directory:
Replace the current certificate file "server.crt" and certificate key file "server.key" in the "/web/conf/" directory with the new certificate file and certificate key file:
Verify that the certificates have changed:
Restart the Gaia Portal process:
the question is I don't have a certificate and key, I need to generate a CSR
csr syntax is not correct, should be like
cpopenssl req -new -out <CERT.CSR> -keyout <KEYFILE.KEY> -config $CPDIR/conf/openssl.cnf
I referred to the kb
Show / Hide instructions for Client's CA signed certificate for Gaia Portal on Security Management Server / Multi-Domain Security Management Server / Security Gateway
on the security management gateway, it works, but on the security gateway, it doesn't.
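Added example (not part of any post in this thread and not Check Point's own code): the thread says the key and CSR can be made on any machine and that a SmartConsole import needs P12, so this checks that the CA-signed certificate really belongs to the private key before bundling it. It assumes stock `openssl` and an unencrypted PEM key; the function names are hypothetical.

```shell
#!/bin/bash
# Added example: not from the thread or from Check Point's sk articles.
# Assumes stock OpenSSL on the machine holding the key, and an unencrypted
# PEM private key. All file names passed in are the caller's own.

# Emit the public key (PEM) carried by a certificate or a private key.
pubkey_of() {   # $1 = cert|key, $2 = PEM file
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Succeed only if the CA-signed certificate belongs to this private key.
cert_matches_key() {   # $1 = cert.pem, $2 = key.pem
    local c k
    c=$(pubkey_of cert "$1") || return 1
    k=$(pubkey_of key "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Pick the install route the thread describes: SmartConsole import (P12)
# when mpdaemon is running, otherwise the files under /web/conf/.
portal_cert_route() {
    if [ -n "$(pidof mpdaemon 2>/dev/null)" ]; then
        echo smartconsole-p12
    else
        echo web-conf-files
    fi
}

# Bundle certificate, key and optional CA chain into a P12 for import.
# $1 = cert, $2 = key, $3 = out.p12, $4 = password file, [$5 = chain.pem]
make_p12() {
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    if [ -n "$5" ]; then
        openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$5" \
            -out "$3" -passout "file:$4"
    else
        openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "file:$4"
    fi
}
```

With a 2-tier PKI, pass the issuing and root CA certificates concatenated in one PEM file as the fifth argument so the P12 carries the full chain.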