Certificate Authority

Each Check Point Security Management Server contains an Internal Certificate Authority (ICA).

This ICA signs the internal certificate for each managed object.

You can reset this ICA.

Warnings:

  • Before you follow this procedure, always consult Check Point Support to confirm that this procedure is necessary.

  • Schedule a full maintenance window.

  • Before you follow this procedure, collect a set of backup files:

    • Gaia Snapshot (see Snapshot Management)

    • Gaia Backup (see Backing Up and Restoring the System)

    • CPinfo file (see sk92739)

  • After you follow this procedure, you must:

    1. Reset SIC on each managed Security Gateway and each Cluster Member.

    2. Establish SIC in SmartConsole with each of these objects.

    3. Renew the IKE certificate for any Security Gateway / Cluster that runs with Remote Access VPN, Site-to-Site VPN, or one of the HTTPS portals (UserCheck, Identity Awareness Captive Portal, Mobile Access Portal).

Resetting Internal Certificate Authority in Gaia Portal

Step  Instructions

1     In the navigation tree, click System Management > Certificate Authority.

2     Click Reset.

3     Click OK to confirm.

Resetting Internal Certificate Authority in CLI

See sk158096 - How to renew an Internal Certificate Authority (ICA) certificate.