OK - Quick "I'm stuck" question here... should be
hopefully an easy one, but
I'm completely stumped!
I've got a FW1/VPN1 NG running on Windows. The SecuRemote
certificate just
expired, and I can't get it to renew itself. Remote users
get a
"Certificate expired" error when they connect via
SecuRemote.
If I go into:
SmartDashboard -> Manage -> VPN Communities...
->
<click my VPN community name> -> Edit... ->
Participating Gateways ->
<click my gateway name> -> Edit... -> VPN
.. then on the right I have a "Certificate List"
that says:
Nickname: defaultCert
DN: CN=<gateway> VPN Certificate...
Certificate Authority: internal_ca
If I click the cert, and click Remove, it first says:
A new internal CA certificate will be created when clicking
OK on a VPN-1
object.
If you delete this certificate the CRL list will be
increased.
Are you sure you want to delete this certificate?
I say Yes, but then get an error:
This certificate is used in IKE authentication. Prior to
deleting this
certificate,
define an alternative certificate, or remote the 'public key
signature'
authentication method.
I try to define another new certificate, but am told:
Cannot generate certificate from 'internal_ca' Certificate
Authority because
<gateway> already has a certificate generated by
'internal_ca' Certificate
Authority.
What am I doing wrong? How do I get this certificate to
just renew
itself???? Many thanks!
~~Richard~~
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|