Edouard, Do you still have a valid Stonesoft StoneBeat support and maintenance contract? You can contact Stonesoft support with your license info via [EMAIL PROTECTED] to find out what your status is. They can make suggestions on how you can update the certificates.
Although the evaluation certs will get you through errors, the downside is that the evaluation certificates are the same for everyone who has a copy of FullCluster...that means that others can use those and possibly connect to YOUR cluster. Of course, the firewall policy has to be improperly configured, and that never happens... :-P --- Mark Boltz, CISSP Sr. Solutions Architect [EMAIL PROTECTED] http://www.stonesoft.com Toll Free: 1.866.869.4075 Cell: 1.571.218.2481 Fax: 1.703.288.4811 8133 Leesburg Pike, Suite 610 Vienna, VA 22182-2730 USA Subscribe to a Webletter on Trends in Network Security at http://www.stonesoft.com/network_security/ Edouard Zorrilla <[EMAIL PROTECTED] M.PE> To Sent by: Mailing [EMAIL PROTECTED] list for INT.COM discussion of cc Firewall-1 <FW-1-MAILINGLIST Subject @AMADEUS.US.CHECK Re: [FW-1] AW: [FW-1] SBFC Cluster POINT.COM> SSL Error 10/25/2006 07:13 PM Please respond to Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST @AMADEUS.US.CHECK POINT.COM> Hello Pedro, Thanks for the input. The issue is that the modules are Checkpoint NG AI R54. That is why I beg some can help me here. Thanks ----- Original Message ----- From: "Pedro Boavida" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, October 25, 2006 4:45 AM Subject: Re: [FW-1] AW: [FW-1] SBFC Cluster SSL Error > Hi, > > I'm not sure if that question is appropriate for this list, but.... the > command you should use to regenerate the certificates is the sbfcconfig. > But I'm sure that you have all the steps described in the manual. If you > want to, as a workaround, use the eval certificates that are somewhere > under the (...)/etc folder. > > Best regards, > > Pedro Boavida > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Christoph > Dollt > Sent: quarta-feira, 25 de Outubro de 2006 8:22 > To: [email protected] > Subject: [FW-1] AW: [FW-1] SBFC Cluster SSL Error > > You need to create new stonebeat certificates using the sb* commands. > > > -----Ursprüngliche Nachricht----- > Von: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] Im Auftrag von Edouard > Manuel Zorrilla Calancha > Gesendet: Mittwoch, 25. Oktober 2006 08:55 > An: [email protected] > Betreff: [FW-1] SBFC Cluster SSL Error > > > Hello Guys, > > I hope one of you can help me with this. I have a cluster SBFC 2 modules > Checkpoint NG AI R54. The issue is that I am unable to manage the nodes > from > the console, I got the next error: > > ------------------------------------------------------------- > pefwcons:/#sbfc status > failed to verify module's certificate: certificate has expired module's > certificate has expired > > ssl handshake failed (line=4747) > ssl error error:00000001:lib(0):func(0):reason(1) > pefwcons:/#sbfc status > failed to verify module's certificate: certificate has expired module's > certificate has expired > > ssl handshake failed (line=4747) > ssl error error:00000001:lib(0):func(0):reason(1) > ------------------------------------------------------------- > > I know this is certificate error, I have been doing some research inside > the > web with out luck. I wonder if some of you come up with this error in your > cluster SBFC with checkpoint so that you can help me with this. If you > have a > paper how to generate the certificates again please send me the > information. > > Thanks a lot. > Edouard > > ------------------------------------------------- > This mail sent through IMP: http://horde.org/imp/ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
