Hi again Okay, if it's a management certificate problem (if the certificate is expired for example - very common with FP1 and FP2), then use the following simple procedure to revoke the management certificate and re-create it:
Run the following commands at the command prompt: # cpca_client revoke_cert -n "cn=cp_mgmt" # cpca_client create_cert -n "cn=cp_mgmt" -f $CPDIR/conf/sic_cert.p12 You need to do a cpstop and cpstart to activate the new certificate. Cheers Matthew Odendaal MCSE, RSACSP, CCSA, CCSE, CCSE+, CCSI. NSA, NSI Information Security Architects (Pty) Ltd Tel: +27 11 326 2242 Fax: +27 11 326 2285 [EMAIL PROTECTED] -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Mailing Security Sent: 14 September 2007 04:41 PM To: [email protected] Subject: Re: [FW-1] how to do an fwm sic_reset when smartdashboard cannot be opened ? On Fri, 14 Sep 2007 12:15:09 +0100 Sebastian Arriada <[EMAIL PROTECTED]> wrote: > Did u allow the windows ip on the smart center right (cpconfig) ? yes. just to add some information, the error is the following: The connection has been refused due to one of following SmartCenter certificate problems: 1. The SmartCenter Server's clock is not setup properly. 2. The certificate's issue date is later than the date of the SmartCenter Server's clock. 3. The GUI Client's clock and the SmartCenter Server's clock ora not synchronized. 4. The certificate has expired. 5. The certificate is invalid. > > pkc_mls wrote: > > > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Content-Transfer-Encoding: 7bit > > > > hello, > > > > the smartdashboard on windows cannot connect to the smartcenter due to > > certificate errors. > > > > so I'd like to run a sic_reset, but the command still complains about > > certificates I have to manually > > remove via smartdashboard. > > > > I already tried with the cpca_client set_mgmt_tool and the web gui for > > the internal CA, but > > it didn't work. > > > > has anyone ever seen this before ? > > > > thanks > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
