The ICA Management Tool

The ICA Management Tool lets you:

  • Manage certificates

  • Run searches

  • Recreate CRLs

  • Configure the ICA

  • Remove expired certificates

Note - The ICA Management Tool supports TLS.

Check Point ICA is fully compliant with X.509 standards for both certificates and CRLs. See the related X.509 and PKI documentation, and RFC 2459 for more information.

For more information, see:

Using the ICA Management Tool

Use the ICA management tool for user certificate operations only, such as certificate creation. Do not use the ICA management tool to change SIC certificates or VPN certificates. Change SIC and VPN certificates in SmartConsole.

To use the ICA management tool, you must first enable it on the Security Management Server.

Enabling and Connecting to the ICA Management Tool

The ICA Management Tool is disabled by default.

To enable the ICA Management tool

Run this command on the Security Management Server:

cpca_client [-d] set_mgmt_tool on|off [-p <ca_port>] [-a|-u "administrator|user DN" ... ]

The command options are:




Starts the ICA Management Tool (by opening port 18265)


Stops the ICA Management Tool (by closing port 18265)


Changes the port used to connect to the CA (if the default port is not being used)

-a "administrator DN" ...

Sets the DNs of the administrators that will be allowed to use the ICA Management Tool

-u "user DN" ...

Sets the DNs of users allowed to use the ICA Management Tool. An option intended for administrators with limited privileges.

Note - If cpca_client is run without -a or -u parameters, the list of the allowed users and administrators remains unchanged.

To Connect to the ICA Management Tool

  1. Add the administrator's certificate to the browser's certificate repository.

  2. Open the ICA Management tool from the browser using this address:


    Authenticate when requested.

The ICA Management Tool GUI




Menu Pane

Shows a list of operations


Operations Pane

Manage certificates. The window divides into Search attributes configuration and Bulk operation configuration.

Create Certificates.

Configure the CA. Contains configuration parameters You can also view the CA's time, name, and the version and build number of the Security Management Server.

Manage CRLs. Download, publish, and recreate CRLs.


Search Results Pane. The results of the applied operation show in this pane. This window consists of a table with a list of certificates and certificate attributes.

Connect to the ICA Management tool using a browser and HTTPS connection.