For more information about Security Management Server, see the R80.10 Security Management Administration Guide.
Description Executes operations on the ICA (Internal Certificate Authority).
Syntax:
> cpca_client
Description Revokes a certificate issued by the ICA.
Syntax:
> cpca_client [-d] revoke_cert [-p <ca_port>] -n "CN=<common name>"
Parameter | Description |
---|---|
-d | Runs the command in debug mode. |
-p <ca_port> | Specifies the port which is used to connect to the CA (if the CA was not run from the default port 18209). |
-n "CN=<common name>" | Sets the CN to |
Description Shows all certificates issued by the ICA.
Syntax:
> cpca_client [-d] lscert [-dn <substring>] [-stat {Pending|Valid|Revoked|Expired|Renewed}] [-kind SIC|IKE|User|LDAP] [-ser <ser>] [-dp <dp>]
Parameter | Description |
---|---|
-d | Runs the command in debug mode. |
-dn <substring> | Filters results to those with a DN that matches this |
-stat | Filters results to the specified certificate status: |
-kind | Filters results for specified kind: |
-ser <ser> | Filters results for this serial number. |
-dp <dp> | Filters results from this CDP (certificate distribution point). |
Description Imports a list of DNs for users and creates a file with registration keys for each user.
Syntax:
> cpca_client init certs [-p <ca_port>] -i <input_file> -o <output_file>
Parameter | Description |
---|---|
-p <ca_port> | Specifies the port which is used to connect to the CA. The default port is |
-i <input_file> | Imports the specified file. Make sure to use the full path. Make sure that there is an empty line between each DN in the file: CN=test1,OU=users <empty line> CN=test2,OU=users |
-o <output_file> | Saves the registration keys to the specified file. |
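
The input layout that -i requires (full path, one DN per entry, an empty line between entries) can be generated and checked before the file is passed to cpca_client. This is an added example, not Check Point code: the function names write_dn_file and check_dn_file are hypothetical, and the check assumes every DN starts with CN= as in the sample above.

```shell
#!/bin/bash
# Added example (not Check Point code): build and check the DN list that is
# passed to "cpca_client init certs -i <input_file> -o <output_file>".

# write_dn_file <output path> <DN>...
# Writes one DN per entry with an empty line between entries.
write_dn_file() {
    dn_out=$1; shift
    dn_first=1
    : > "$dn_out" || return 1
    for dn in "$@"; do
        [ "$dn_first" -eq 1 ] || printf '\n' >> "$dn_out"
        printf '%s\n' "$dn" >> "$dn_out"
        dn_first=0
    done
}

# check_dn_file <path>
# Returns 0 when the file follows the documented layout, non-zero otherwise.
check_dn_file() {
    dn_file=$1
    case $dn_file in
        /*) ;;  # the page asks for the full path
        *) echo "not a full path: $dn_file" >&2; return 2 ;;
    esac
    [ -r "$dn_file" ] || { echo "cannot read: $dn_file" >&2; return 3; }
    # Strip a trailing CR (files edited on Windows), then report any
    # non-empty line that is not a DN (assumption: DNs start with CN=)
    # and any DN that directly follows another DN without an empty line.
    awk '
        { sub(/\r$/, "") }
        /^[ \t]*$/ { prev_dn = 0; next }
        !/^CN=/    { printf "line %d: not a DN: %s\n", NR, $0; bad = 1 }
        prev_dn    { printf "line %d: missing empty line before DN\n", NR; bad = 1 }
        { prev_dn = 1 }
        END { exit bad + 0 }
    ' "$dn_file" >&2
}

# Usage (paths are placeholders):
#   write_dn_file /full/path/dns.txt "CN=test1,OU=users" "CN=test2,OU=users"
#   check_dn_file /full/path/dns.txt && echo "layout OK"
```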
Description Starts or stops the ICA Management Tool.
Syntax:
> cpca_client [-d] set_mgmt_tool {on|off|add|remove|clean|print} [-p <ca_port>] [-no_ssl] {-a <administrator DN>, -u <user DN>, -c <custom user DN>, ...}
Parameter | Description |
---|---|
-d | Runs the command in debug mode. |
on, off, add, remove, clean, print | |
-p <ca_port> | Specifies the port which is used to connect to the CA. The default port is |
-no_ssl | Configures the server to use HTTP instead of HTTPS. |
-a <administrator DN> | Sets the DNs of the administrators that are permitted to use the ICA management tool. |
-u <user DN> | Sets the DNs of the users that are permitted to use the ICA management tool. |
-c <custom user DN> | Sets the DN for custom users that can use the ICA management tool. |
Notes
-a or -u the list of the permitted users and administrators isn't changed. The server can be stopped or started with the previously defined permitted users and administrators.
Description Sets the hash algorithm that the CA uses to sign the file hash. The default algorithm is sha1.
Syntax:
> cpca_client set_sign_hash {sha1|sha256|sha384|sha512}
Description Searches for certificates in the ICA (Internal Certificate Authority).
Syntax:
> cpca_client search <string> [-where {dn|comment|serial}] [-kind [SIC|IKE|User|LDAP]] [-stat [Pending|Valid|Revoked|Expired|Renewed]] [-max <max results>] [-showfp {y|n}]
Parameter | Description |
---|---|
-where | Where to search for the string, in the dn, serial number, or comment field. The default is all locations. |
-kind | The type of certificate. You can enter multiple values in this format: |
-stat | Filters according to the status of the certificate. You can enter multiple values in this format: |
-max <max results> | Enter the maximum number of results to show. The default setting is |
-showfp | Shows the certificate's fingerprint: |
Example:
> cpca_client search samplecompany -where comment -kind SIC LDAP -stat Pending Valid Renewed
Description Defines how to access a CRL file from a distribution point.
Syntax:
> cpca_client get_crldp [-p <ca_port>]
Parameter | Description |
---|---|
-p <ca_port> | Specifies the port which is used to connect to the CA. The default port is |
Description Saves the encoding of the public key for the ICA to a file.
Syntax:
> cpca_client [-p <ca_port>] get_pubkey <output>
Parameter | Description |
---|---|
-p <ca_port> | Specifies the port which is used to connect to the CA. The default port is |
<output> | Name of the file where the public key is saved. |
Description Creates a second signature for a certificate.
Syntax:
> cpca_client [-p <ca_port>] -i <cert file> [-o <output file>]
Parameter | Description |
---|---|
-p <ca_port> | Specifies the port which is used to connect to the CA. The default port is |
-i <cert file> | Imports the specified certificate only in PEM format. |
-o <output file> | Saves the certificate to the specified file. |
Description
Configures or reconfigures a Check Point product installation. The configuration options for each machine depend on the configuration and installed products.
Syntax
cp_conf
    -h
    admin
        add [<UserName> <Password> {a | w | r}]
        add -gaia [{a | w | r}]
        del <UserName1> <UserName2> ...
        get
    auto
        {enable | disable} <Product1> <Product2> ...
        get all
    ca
        fqdn <FQDN Name>
        init
    client
        add <GUI Client>
        createlist <GUI Client 1> <GUI Client 2> ...
        del <GUI Client 1> <GUI Client 2> ...
        get
    finger get
    lic
        add -f <Full Path to License File>
        add -m <Host> <Date> <Signature Key> <SKU/Features>
        del <Signature Key>
        get
    sic
        cert_pull <Management Server> <DAIP GW object>
        init <Activation Key> [norestart]
        state
    snmp
        {activate | deactivate} [norestart]
        get
Parameters
Item | Description |
---|---|
-h | Shows the entire built-in usage. |
admin | Configures Check Point system administrators for the Security Management Server: Notes: |
auto | Shows and configures the automatic start of Check Point products during boot: Note - This command corresponds to the option " |
ca | Note - This command corresponds to the option " |
client | Configures the GUI clients that can use SmartConsoles to connect to the Security Management Server. Notes: |
finger get | Shows the ICA's Fingerprint. Note - This command corresponds to the option " |
lic | Manages Check Point licenses: Note - This command corresponds to the option " |
snmp | Do not use these commands anymore. To configure SNMP, see the R80.10 Gaia Administration Guide - Chapter System Management - Section SNMP. |
Description Manages Check Point system administrators for the Security Management Server
Syntax:
> cp_conf admin get # Get the list of administrators.
> cp_conf admin add <user> <pass> {a|w|r}
> cp_conf admin del <admin1> <admin2>...
Parameter | Description |
---|---|
get | Shows a list of the administrators. |
add <user> <pass> | Adds a new administrator <user> with password <pass>. |
a, w, r | Sets the permissions for the new administrator: |
del <admin1> <admin2>... | Deletes one or more administrators <admin1>, <admin2>, and so on. |
Description Initializes the Certificate Authority on the Security Management Server
Syntax:
> cp_conf ca init
> cp_conf ca fqdn <name>
Parameter | Description |
---|---|
init | Initializes the internal CA. |
fqdn <name> | Sets the FQDN of the internal CA to |
Description Displays the fingerprint which will be used on first-time launch. This verifies the identity of the Security Management Server being accessed by SmartConsole. This fingerprint is a text string derived from the Security Management Server certificate.
Syntax:
> cp_conf finger get
Description Shows the installed licenses and lets you manually add new ones.
Syntax:
> cp_conf lic get
> cp_conf lic add -f <file>
> cp_conf lic add -m <Host> <Date> <Key> <SKU>
> cp_conf lic del <Signature Key>
Parameter | Description |
---|---|
get | Shows the installed licenses. |
add -f <file> | Adds the license from |
add -m <Host> <Date> <Key> <SKU> | Manually adds a license with these parameters: |
del <Signature Key> | Deletes license |
Description Manages the GUI clients that can use SmartConsoles to connect to the Security Management Server.
Syntax:
> cp_conf client get # Get the GUI clients list
> cp_conf client add <GUI client> # Add one GUI Client
> cp_conf client del <GUI client 1> <GUI client 2>... # Delete GUI Clients
> cp_conf client createlist <GUI client 1> <GUI client 2>... # Create new list.
Parameter | Description |
---|---|
get | Shows the IP addresses of the allowed GUI clients. |
add <GUI client> | Adds the |
del <GUI client 1> <GUI client 2>... | Deletes one or more IP addresses from the list of allowed GUI clients. |
createlist <GUI client 1> <GUI client 2>... | Deletes allowed GUI clients and creates a new list. The new list allows |
Description Activates or deactivates SNMP.
Syntax:
> cp_conf snmp get # Get SNMP Extension status.
> cp_conf snmp {activate|deactivate} [norestart] # Activate or deactivate SNMP Extension.
Parameter | Description |
---|---|
get | Shows the SNMP status. |
activate, deactivate | Enables or disables SNMP. |
norestart | By default, the Security Gateway runs |
Description Configures the Security Gateway and Security Management Server products that start automatically when the appliance or server reboots.
Syntax
> cp_conf auto get [fw1] [fg1] [rm] [all]
> cp_conf auto {enable|disable} <product1> <product2>...
Parameter | Description |
---|---|
get | Shows which products start automatically. |
enable, disable <product1> <product2>... | Enables or disables one or more products that start automatically. |