CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1 GordonCopestake (Member), 2007-06-22
Mystery certificate already exists with SIC communication?

I'm trying to connect a CP Gateway to my console (SmartDashboard); however, when I initialize the SIC I get the error:

"A certificate with this name already exists, please specify a different name and try again."

However, there are no other nodes with the same name. If I choose a different name for this new node it works fine, but as you can imagine all our nodes have very specific names and a rename would be a headache.

Is there a way to remove this mystery certificate to enable me to attach this new node?

#2 GordonCopestake (Member), 2007-06-22
Re: Mystery certificate already exists with SIC communication?

Oh! I forgot to mention I am using R65 for both my logging server (SmartCenter server) and my gateways.

#3 kva.kva (Senior Member, Moscow, Russia), 2007-06-22
Re: Mystery certificate already exists with SIC communication?

If you want to revoke a certificate issued by the ICA you should use: cpca_client revoke_cert [-p <ca_port>] -n "CN=<common name>".
I'm not sure that the command will work with SIC certificates.

#4 GordonCopestake (Member), 2007-06-22
Re: Mystery certificate already exists with SIC communication?

I've managed to use the ICA web tool to take a look at the existing certificates. There are no existing VALID certificates that I can see that would conflict. Unfortunately I can't delete the revoked certificates because they haven't expired.

Does anyone know where the certificates are physically held on the system? Is it as easy as simply removing the .cer file for the revoked certs?

#5 kva.kva (Senior Member, Moscow, Russia), 2007-06-22
Re: Mystery certificate already exists with SIC communication?

"CN=<common name>" in my example is the object name. I would type the command with the "bad" node name.

I found two useful SKs: the 1st covers manually editing objects_5_0.C, the 2nd cpca_client revoke_cert.
How to correct the error: "cannot create certificate for this object. Certificate already exists."
How to resolve the error: "cannot create certificate, object with this certificate name already exists"

#6 GordonCopestake (Member), 2007-06-22
Re: Mystery certificate already exists with SIC communication?

Thanks for the hints kva.kva. I thought for just a moment you might have hit the nail on the head. But unfortunately neither of those SKs seems to have a solution that works (although the problem is identical).

I followed both through but neither worked :(

#7 masterloo (Junior Member), 2007-06-22
Re: Mystery certificate already exists with SIC communication?

Not sure it would be feasible, but have you thought of doing a database revision, then removing the FW object, saving, then re-adding? GL!

Masterloo