Hi Bob, You can try to refer to the Check Point KB Solution ID "sk14532" for re-new the cert and perform the fwm sic_reset.
By the way, the easy solution is. You can try to delete the cert in the GUI. And then add the new cert again. (for NGAI) For the NGX version, you can just click the "renew" button in the GUI. Thanks, Regards, Alan --- 2008年8月1日 星期五,Bob Grabbe <[EMAIL PROTECTED]> 寫道﹕ > 寄件人: Bob Grabbe <[EMAIL PROTECTED]> > 主題: Re: [FW-1] Checkpoint certificate renewal problem > 收件人: [email protected] > 日期: 2008 8 1 星期五 上午 1:08 > At this point I am almost where I can delete and recreate > the vpn > certificate, I have disabled vpn-1 on the gateway and am > trying to delete > the certificate through the checkpoint dashboard. When I > try this, though, I > get an error that I'm unable to contact the certificate > authority on the > management station. > Trying fwm sic_reset doesn't work because the > certificate is still there, > cpstop and cpstart haven't helped any either. > I'd appreciate any suggestions from anyone as to what > to try that would let > me regenerate the certificate. > Thanks > > Bob Grabbe > Michigan Proteome Consortium > [EMAIL PROTECTED] > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On > Behalf Of Bob Grabbe > Sent: Thursday, July 31, 2008 9:10 AM > To: [email protected] > Subject: [FW-1] Checkpoint certificate renewal problem > > I'm hoping I can get some help on this. My firewall > appears to be having a > problem renewing it's internal certificate, although > I'm not sure that's the > right problem. > What I'm having happen is that vpn clients get a > message that the > certificate has expired, and on my desktop when I try to > run the > Smartdashboard, I get the same thing. > When I look at the certificate it does say that it's > expired as of > yesterday, but I thought it was supposed to automatically > renew itself. > One suggestion I found through a google search was to set > the firewall clock > back, cpstop and cpstart. This didn't do anything. I > also found a suggestion > to do fwm sic_reset, but it's not able to reset because > of the following: > "There are IKE Certificates that were generated by the > internal Certificate Authority. > Please remove them (using the SmartDashboard) so that > the internal Certificate Authority can be destroyed." > Besides being unsure whether this is the right thing to do, > I haven't been > able to find the ike certificate to delete it in > Smartdashboard. I am able > to run the dashboard if I set my desktop date to before > today. > If there's any way I can get any suggestions I'd > really appreciate it. > BTW, this is R54 Ngx, but there's no way I'm able > to upgrade. > Thanks > Bob Grabbe > Michigan Proteome Consortium > [EMAIL PROTECTED] > > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= Yahoo! [EMAIL PROTECTED] 電郵地址,想登記你的新身份? 請前往 http://hk.promo.yahoo.com/mail/ymail/ 了解更多相關資訊! Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
