The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Policy installation fails for all gateways with SIC error "Internal SSL authentication SSL error [Got alert from peer that the certificate expired]"
Technical Level
Solution ID
sk102975
Technical Level
Product
Security Management, Multi-Domain Management
Version
All
Platform / Model
Intel/PC, Smart-1
Date Created
13-Oct-2014
Last Modified
26-Jul-2016
Symptoms
Policy installation fails for all gateways with SIC error "Internal SSL authentication SSL error [Got alert from peer that the certificate expired]".
Security Management Server / Domain Management Server has lost SIC connections with all managed Security Gateways.
Reinitializing SIC between the Security Management Server / Domain Management Server and managed Security Gateways does not resolve the issue.
$CPDIR/log/cpd.elg file on the Security Management Server / Domain Management Server contains the following messages:
SIC Error for LSMServerAddon: Got alert from peer that the certificate expired
Renew_SIC_Cert_cb: CPD failed to renew sic certificate. status = 3, rc - -1.
When installing policy it fails with:
Installation failed. Reason: Internal SSL authentication SSL error [unknown]
When installing policy it fails with:
Installation failed. Reason: Internal SSL authentication error [ Certificate expired.]
Cause
The Security Management Server / Domain Management Server database was imported from a different machine, and the hostname has been changed. As a result, the ICA fails to renew the certificates.
