cpca_client

Description

Execute operations on the Internal Certificate Authority (ICAClosed Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.).

Note:

On a Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS., you must run this command in the context of the applicable Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.:

mdsenv <IP Address or Name of Domain Management Server>

Syntax

cpca_client [-d]

      create_cert <options>

      double_sign <options>

      get_crldp <options>

      get_pubkey <options>

      init_certs <options>

      lscert <options>

      revoke_cert <options>

      revoke_non_exist_cert <options>

      search <options>

      set_cert_validity <options>

      set_mgmt_tool <options>

      set_sign_hash <options>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

create_cert <options>

Issues a SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. certificate for the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Domain Management Server.

See cpca_client create_cert.

double_sign <options>

Creates a second signature for a certificate.

See cpca_client double_sign.

get_crldp <options>

Shows how to access a CRL file from a CRL Distribution Point.

See cpca_client get_crldp.

get_pubkey <options>

Saves the encoding of the public key of the ICA's certificate to a file.

See cpca_client get_pubkey.

init_certs <options>

Imports a list of DNs for users and creates a file with registration keys for each user.

See cpca_client init_certs.

lscert <options>

Shows all certificates issued by the ICA.

See cpca_client lscert.

revoke_cert <options>

Revokes a certificate issued by the ICA.

See cpca_client revoke_cert.

revoke_non_exist_cert <options>

Revokes a non-existent certificate issued by the ICA.

See cpca_client revoke_non_exist_cert.

search <options>

Searches for certificates in the ICA.

See cpca_client search.

set_cert_validity <options>

Configures the default certificate validity period for new certificates.

See cpca_client set_cert_validity.

set_mgmt_tool <options>

Controls the ICA Management Tool.

See cpca_client set_mgmt_tool.

set_sign_hash <options>

Sets the hash algorithm that the CA uses to sign the file hash.

See cpca_client set_sign_hash.