fwm printcert

Description

Shows a SIC certificate's details.

Note - On Multi-Domain Server, you must run this command in the context of the applicable Domain Management Server (mdsenv <IP Address or Name of Domain Management Server>).

Syntax

fwm [-d] printcert

-obj <Name of Object> [-cert <Certificate Nick Name>] [-verbose]

-ca <CA Name> [-x509 <Name of File> [-p]] [-verbose]

-f <Name of Binary Certificate File> [-verbose]

Parameters

Item	Description
`-d`	Runs the command in debug mode. Use only if you troubleshoot the command itself. For complete debug instructions, see the description of the `fwm` process in sk97638.
`-obj <`Name of Object`>`	Specifies the name of the managed object, for which to show the SIC certificate information.
`-cert <`Certificate Nick Name`>`	Specifies the certificate nick name.
`-ca <`CA Name`>`	Specifies the name of the Certificate Authority. Note - Check Point CA Name is `internal_ca`.
`-x509 <`Name of File`>`	Specifies the name of the X.509 file.
`-p`	Specifies to show the SIC certificate as a text file.
`-f <`Name of Binary Certificate File`>`	Specifies the binary SIC certificate file to show.
`-verbose`	Shows the information in verbose mode.

Example 1 - Showing the SIC certificate of a Management Server

[Expert@MGMT:0]# fwm printcert -ca internal_ca

Subject: O=MGMT.checkpoint.com.s6t98x

Issuer: O=MGMT.checkpoint.com.s6t98x

Not Valid Before: Sun Apr 8 13:41:00 2018 Local Time

Not Valid After: Fri Jan 1 05:14:07 2038 Local Time

Serial No.: 1

Public Key: RSA (2048 bits)

Signature: RSA with SHA256

Key Usage:

digitalSignature

keyCertSign

cRLSign

Basic Constraint:

is CA

MD5 Fingerprint:

7B:F9:7B:4C:BD:40:B9:1C:AB:2C:AE:CF:66:2E:E7:06

SHA-1 Fingerprints:

1. A6:43:3A:2B:1A:04:7F:A6:36:A6:2C:78:BF:22:D9:BC:F7:7E:4D:73

2. KEYS HEM GERM PIT ABUT ROVE RAW PA IQ FAWN NUT SLAM

[Expert@MGMT:0]#

Example 2 - Showing the SIC certificate of a Management Server in verbose mode

[Expert@MGMT:0]# fwm printcert -ca internal_ca -verbose

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] fwa_db_init: called

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] fwa_db_init: closing existing database

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] do_links_getver: strncmp failed. Returning -2

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] db_fetchkey: entering

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] PubKey:

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] Modulus:

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] ae b3 75 36 64 e4 1a 40 fe c2 ad 2f 9b 83 0b 45 f1 00 04 bc

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] 3f 77 77 76 d1 de 8a cf 9f 32 78 8b d4 b1 b4 be db 75 cc c8

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] c2 6d ff 3e aa fe f1 2b c3 0a b0 a2 a5 e0 a8 ab 45 cd 87 32

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] ac c6 9f a4 a9 ba 30 79 08 fa 59 4c d2 dc 3d 36 ca 17 d7 c1

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] b2 a2 41 f5 89 0f 00 d4 2d f2 55 d2 30 a5 32 c7 46 7a 6b 32

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] 29 0f 53 9f 35 42 91 e5 7d f7 30 6d bc b3 f2 ae f3 f0 ed 88

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] c4 d7 7d 0c 2d f6 5f c8 ed 9f 9a 57 54 79 d0 0f 0b 2f 9c 0d

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] 94 2e f0 f4 66 62 f7 ae 2e f8 8e 90 08 ba 63 85 b6 46 2f b7

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] a7 01 29 9a 14 58 a8 ef eb 07 17 4e 95 8b 2f 48 5f d3 18 10

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] 3f 00 d5 03 d7 fd 45 45 ca 67 5b 34 be b8 00 ae ea 9a cd 50

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] d6 e7 a2 81 86 78 11 d7 bf 04 9f 8b 43 3f f7 36 5f ed 31 a8

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] a3 9d 8b 0a de 05 fb 5c 44 2e 29 e3 3e f4 dd 50 01 0f 86 9d

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] 55 16 a3 4d f8 90 2d 13 c6 c1 28 57 f8 3e 7c 59

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] Exponent: 65537 (0x10001)

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52]

X509 Certificate Version 3

refCount: 1

Serial Number: 1

Issuer: O=MGMT.checkpoint.com.s6t98x

Subject: O=MGMT.checkpoint.com.s6t98x

Not valid before: Sun Apr 8 13:41:00 2018 Local Time

Not valid after: Fri Jan 1 05:14:07 2038 Local Time

Signature Algorithm: RSA with SHA-256 Public key: RSA (2048 bits)

Extensions:

Key Usage:

digitalSignature

keyCertSign

cRLSign

Basic Constraint (Critical):

is CA

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] destroy_rand_mutex: destroy

[FWM 24304 4024166304]@MGMT[12 Jun 20:21:52] cpKeyTaskManager::~cpKeyTaskManager: called.

[Expert@MGMT:0]#

Example 3 - Showing the SIC certificate of a Cluster object

[Expert@MGMT:0]# fwm printcert -obj CXL_192.168.3.244

printing all certificates of CXL_192.168.3.244

defaultCert:

Host Certificate (level 0):

Subject: CN=CXL_192.168.3.244 VPN Certificate,O=MGMT.checkpoint.com.s6t98x

Issuer: O=MGMT.checkpoint.com.s6t98x

Not Valid Before: Sun Jun 3 19:58:19 2018 Local Time

Not Valid After: Sat Jun 3 19:58:19 2023 Local Time

Serial No.: 85021

Public Key: RSA (2048 bits)

Signature: RSA with SHA256

Subject Alternate Names:

IP Address: 192.168.3.244

CRL distribution points:

http://192.168.3.240:18264/ICA_CRL2.crl

CN=ICA_CRL2,O=MGMT.checkpoint.com.s6t98x

Key Usage:

digitalSignature

keyEncipherment

Basic Constraint:

not CA

MD5 Fingerprint:

B1:15:C7:A8:2A:EE:D1:75:92:9F:C7:B4:B9:BE:42:1B

SHA-1 Fingerprints:

1. BC:7A:D9:E2:CD:29:D1:9E:F0:39:5A:CD:7E:A9:0B:F9:6A:A7:2B:85

2. MIRE SANK DUSK HOOD HURD RIDE TROY QUAD LOVE WOOD GRIT WITH

*****

[Expert@MGMT:0]#

Example 4 - Showing the SIC certificate of a Cluster object in verbose mode

[Expert@MGMT:0]# fwm printcert -obj CXL_192.168.3.244 -verbose

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] fwa_db_init: called

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] fwa_db_init: closing existing database

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] do_links_getver: strncmp failed. Returning -2

printing all certificates of CXL_192.168.3.244

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] db_fetchkey: entering

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] 1 certificates

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] PubKey:

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] Modulus:

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] df 35 c3 45 ca 42 16 6e 21 9e 31 af c1 fd 20 0a 3d 5b 6f 5d

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] e0 a2 0c 0e fa fa 5e e5 91 9d 4e 73 77 fa db 86 0b 5e 5d 0c

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] ce af 4a a4 7b 30 ed b0 43 7d d8 93 c5 4b 01 f4 3d b5 d8 f4

... ... ...

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] 34 b1 db ac 18 4f 11 bd d2 fb 26 7d 23 74 5c d9 00 a1 58 1e

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] 60 7c 83 44 fa 1e 1e 86 fa ad 98 f7 df 24 4a 21

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] Exponent: 65537 (0x10001)

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45]

X509 Certificate Version 3

refCount: 1

Serial Number: 85021

Issuer: O=MGMT.checkpoint.com.s6t98x

Subject: CN=CXL_192.168.3.244 VPN Certificate,O=MGMT.checkpoint.com.s6t98x

Not valid before: Sun Jun 3 19:58:19 2018 Local Time

Not valid after: Sat Jun 3 19:58:19 2023 Local Time

Signature Algorithm: RSA with SHA-256 Public key: RSA (2048 bits)

Extensions:

Key Usage:

digitalSignature

keyEncipherment

Subject Alternate names:

IP: 192.168.3.244

Basic Constraint:

not CA

CRL distribution Points:

URI: http://192.168.3.240:18264/ICA_CRL2.crl

DN: CN=ICA_CRL2,O=MGMT.checkpoint.com.s6t98x

defaultCert:

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] destroy_rand_mutex: destroy

[FWM 24665 4023814048]@MGMT[12 Jun 20:26:45] cpKeyTaskManager::~cpKeyTaskManager: called.

*****

[Expert@MGMT:0]#