CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Internal certificate renewal

  1. #1
    Join Date
    2014-10-03
    Posts
    30
    Rep Power
    0

    Internal certificate renewal

    We are running R77.30 on an open server. I am getting warning messages about certificate expiration when I install policy. The only certificate that I can see is internal_ca (ICA_CERT). When I click on this certificate in the cluster properties window, I can see that the Renew button becomes available. My question is: will the renewal of this certificate lead to any communication problems, or will it not affect anything?

    best regards

  2. #2
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Re: Internal certificate renewal

    Presuming this is the VPN certificate issued by the Internal CA, then if it expires, VPNs that use the certificate to authenticate (typically only ones that are to gateways managed by the same SmartCenter) will stop working.

    If you renew, then you simply need to install a policy to all the gateways that VPN with it that use the certificate for authentication, so that they become aware of the renewed certificate.

    If your VPNs all use pre-shared keys, then it won't have any effect.

  3. #3
    Join Date
    2014-10-03
    Posts
    30
    Rep Power
    0

    Re: Internal certificate renewal

    Originally Posted by mcnallym:
    Presuming this is the VPN certificate issued by the Internal CA, then if it expires, VPNs that use the certificate to authenticate (typically only ones that are to gateways managed by the same SmartCenter) will stop working.

    If you renew, then you simply need to install a policy to all the gateways that VPN with it that use the certificate for authentication, so that they become aware of the renewed certificate.

    If your VPNs all use pre-shared keys, then it won't have any effect.

    I am using site-to-site VPNs with pre-shared keys, not with certificates. But the VPN_client property window is showing that "the gateway authenticates with this certificate ICA_CERT".

  4. #4
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Re: Internal certificate renewal

    Sounds like you can safely renew then. That way, if you do use Remote Access, you will still have a valid cert to work with.

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,668
    Rep Power
    11

    Re: Internal certificate renewal

    I agree. If you want that warm fuzzy, then lab everything up and try it there to see how it affects you.
