VPN and Interna_ca

[jemma_noor]

Hello CPUG users,

I have inherited Checkpoint Nokia IPSO 330 (ng fp3) environment, and am now trying configure Securemote vpn.

In the properties of our firewall object (>smartdashboard >Checkpoint objects >Firewall Properties >VPN tab >Certificate List) under certificates box, there is a default interna_ca certificate without any DN description. I'm assuming my predecessor created this by mistake and I would now like remove it in order to configure a vpn.

When I try removing it via the Checkpoint Properties window (remove button beneath the certs list table), I receive an error message of "unable to delete ca cert, please contact your support dept."

I have also tried reseting the CA through CPconfig although it resets ca, it fails to remove the default Interna_ca cert.

Are there any other way's of removing the internal_ca without having to rebuild the entire firewall?

Thank you for any suggestions.

Regads,
Jemma
X

ps, we don't have support with checkpoint.

[chillyjim]

The internal cert cannot just be removed. You can unckeck "VPN" from the products list of the gateway and click "OK" that will remove the cert and it will regenerate when you check VPN again.

[DJ_SL]

Quote:

Originally Posted by chillyjim

The internal cert cannot just be removed. You can unckeck "VPN" from the products list of the gateway and click "OK" that will remove the cert and it will regenerate when you check VPN again.

Many thanks this sorted my issue (IKE: phase 1, cert unavailable etc...).