Support Center > Search Results > SecureKnowledge Details
Connectivity between SmartDashboard / SmartDomain Manager and Security Management / Multi-Domain Management Server R77.30 and below fails on fresh installation after January 24th 2018
Symptoms
  • Connectivity between SmartDashboard / SmartDomain Manager and Security Management / Multi-Domain Management Server fails.
  • Error: "Connection cannot be initiated. Please make sure the server X.X.X.X is up and running and that you are defined as a GUI Client".
  • Unable to view the CA fingerprint when running cpconfig on a Security Management Server or mdsconfig on Multi-Domain Management Server - "The fingerprint can be displayed only after a certificate is created for this machine" message.

  • When trying to generate the CA via cpconfig on a Security Management Server or mdsconfig on Multi-Domain Management Server the following error is seen:
    Could not create Certificate Authority. General problem in Certificate Authority. Failed to initiate Certificate Authority
    NOTE: The creation of the certificate failed
    .
  • When running mdssstat the CPCA status is down.

Cause

The issue is relevant to the below scenarios:

  1. Upon clean install of Security Management / Standalone / Multi-Domain Server R77.30 or below.
  2. Upon adding CMA on Multi-Domain Server below 77.30 Jumbo Hotfix take 143 (Inlcuding previous versions) .

The Internal Certification Authority (ICA) certificate is valid for 20 years. Starting on January 2018, the internal CA certificate expiration date will exceed the maximum Unix epoch time (January 19, 2038). Due to this, Check Point is setting the certificate expiration date to be equal to the maximum Unix epoch time.


Solution

Important Notes:

  • R80 and above releases are not affected by the issue.
  • R77.30 Jumbo Hotfix take 143 and above environments are not affected by the issue.

 


For R77.20
and below contact Check Point Support to get a solution for this issue.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
For faster resolution and verification please collect CPinfo files from the Security Management and Security Gateways involved in the case.

For R77.30 based environments solutions would be provided according to the product it should be applied to:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment