Description
Revokes a certificate issued by the ICA.
Important - On Multi-Domain Server, you must run this command in the context of the relevant Domain Management Server.
Syntax
cpca_client [-d] revoke_cert [-p <CA port number>] -n "CN=<Common Name>" -s <Certificate Serial Number>
Parameters
Parameter | Description |
---|---|
-d | Runs the command in debug mode. Use only if you troubleshoot the command itself. |
-p <CA port number> | Optional. Specifies the TCP port on the Security Management Server or Domain Management Server, which is used to connect to the Certificate Authority. The default TCP port number is 18209. |
-n "CN=<Common Name>" | Specifies the certificate CN. To get the CN, run the Example: From this output: Subject = CN=VS1 VPN Certificate,O=MyDomain_Server.checkpoint.com.s6t98x Status = Valid Kind = IKE Serial = 27214 DP = 1 Not_Before: Wed Apr 11 17:26:02 2018 Not_After: Tue Apr 11 17:26:02 2023 you get this syntax: -n "CN=VS1 VPN Certificate" Note - You can use the parameter ' |
-s <Certificate Serial Number> | Specifies the certificate serial number. To see the serial number, run the Note - You can use the parameter ' |
Example 1 - Revoking a certificate specified by its CN
[Expert@MGMT:0]# cpca_client lscert
Subject = CN=VS1 VPN Certificate,O=MyDomain_Server.checkpoint.com.s6t98x
Status = Valid Kind = IKE Serial = 27214 DP = 1
Not_Before: Wed Apr 11 17:26:02 2018 Not_After: Tue Apr 11 17:26:02 2023
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpca_client -d revoke_cert -n "CN=VS1 VPN Certificate"
Certificate was revoked successfully
[Expert@MGMT:0]#
Example 2 - Revoking a certificate specified by its serial number
[Expert@MGMT:0]# cpca_client lscert
Subject = CN=VS1 VPN Certificate,O=MyDomain_Server.checkpoint.com.s6t98x
Status = Valid Kind = IKE Serial = 27214 DP = 1
Not_Before: Wed Apr 11 17:26:02 2018 Not_After: Tue Apr 11 17:26:02 2023
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpca_client -d revoke_cert -s 27214
Certificate was revoked successfully
[Expert@MGMT:0]#
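
The -n and -s values above are read off the cpca_client lscert listing. As an added example (not Check Point's code), this shell helper parses such a listing and prints, without running it, the revoke_cert command for a serial only when exactly one Valid certificate matches. The function names and the three-line record layout are assumptions; the sample input is the listing quoted on this page.

```shell
#!/bin/sh
# Added example, not Check Point code. Assumed layout: three lines per record.

# Constructed sample: the lscert output quoted on this page, split into lines.
sample_lscert() {
cat <<'EOF'
Subject = CN=VS1 VPN Certificate,O=MyDomain_Server.checkpoint.com.s6t98x
Status = Valid   Kind = IKE   Serial = 27214   DP = 1
Not_Before: Wed Apr 11 17:26:02 2018   Not_After: Tue Apr 11 17:26:02 2023
EOF
}

# Read lscert output on stdin; print "serial<TAB>status<TAB>CN" per record.
parse_lscert() {
  awk '
    /^Subject = / {
      cn = $0
      sub(/^Subject = CN=/, "", cn)  # strip the prefix before the CN value
      sub(/,O=.*$/, "", cn)          # strip the organization suffix
    }
    /^Status = / {
      status = ""; serial = ""
      for (i = 1; i <= NF - 2; i++) {
        if ($i == "Status" && $(i + 1) == "=") status = $(i + 2)
        if ($i == "Serial" && $(i + 1) == "=") serial = $(i + 2)
      }
      printf "%s\t%s\t%s\n", serial, status, cn
    }'
}

# Read lscert output on stdin and print (not run) the revoke_cert command for
# serial $1. Fails unless exactly one record has that serial and it is Valid.
build_revoke_cmd() {
  want="$1"
  rows="$(parse_lscert | awk -F '\t' -v s="$want" '$1 == s')"
  count="$(printf '%s' "$rows" | awk 'END { print NR }')"
  if [ "$count" -ne 1 ]; then
    echo "serial $want: $count matching certificates, expected 1" >&2
    return 1
  fi
  status="$(printf '%s\n' "$rows" | cut -f 2)"
  cn="$(printf '%s\n' "$rows" | cut -f 3)"
  if [ "$status" != "Valid" ]; then
    echo "serial $want: status is $status, not Valid" >&2
    return 1
  fi
  printf 'cpca_client revoke_cert -n "CN=%s" -s %s\n' "$cn" "$want"
}

sample_lscert | build_revoke_cmd 27214
```

On a management server, pipe the real listing in place of sample_lscert and review the printed command before running it.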