Sneaker-net.
Once it's expired, it's expired. You will need to issue a new certificate and get it to them somehow or use the "pull" method where they enter the code they receive by email to get a new certificate.

If you're running current versions of FW-1 and SecuRemote/SecureClient, the automatic renewal process works fine as long as they connect once when they are inside the renewal period. That's 60 days by default. I raised mine to 90.

I use the web interface to the ICA (the one on port 18265 of the SmartCenter) and run queries occasionally to make sure I don't let one expire.

Ray
>From: John Lindblom <jlindblom MICO.COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM>
>To: FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM
>Subject: Re: [FW-1] Problem renewing SecuRemote certificate
>Date: Tue, 4 Sep 2007 08:43:07 -0500
>
>This raises a question for me.
>
>How are end user certificates handled when they expire if they can't be
>renewed? I just started using certificates and I need to plan for issues
>with expiration.
>
>John
>
> Richard Newton <rnewton99 GMAIL.COM>
> Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM>
> 09/03/2007 09:27 PM
> Please respond to Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM>
> To: FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] Problem renewing SecuRemote certificate
>
>Ray -- Thanks so much. It looks like this did the trick. (It was the VPN
>cert on the firewall that was expired.)
>
>~~Richard~~
>
>On 9/3/07, Ray <sixsigma44 hotmail.com> wrote:
> >
> > Which certificate is expired? The one that the SecuRemote uses to
> > authenticate themselves to the firewall or the actual VPN certificate on
> > the firewall?
> >
> > If it is an end user certificate, it cannot be renewed once it's expired.
> >
> > If it's the one for the firewall, try un-checking VPN on the firewall
> > object, save the firewall object, open the firewall object, re-check VPN,
> > save the firewall object and push the policy.
> >
> > Ray
> >
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV amadeus.us.checkpoint.com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner ts.checkpoint.com
>=================================================