"Cannot create certificate" error message when cannot enroll user certificate on Endpoint Security VPN client after January 24th 2018
Environment: Management Tool User Certificate Validity Period in ICA Tool set to "7300" days
The parameter "Management Tool User Certificate Validity Period" in the ICA Tool represents the amount of time that a user certificate is valid when initiated using the Management Tool.
If the value of this parameter is set to "7300" days (20 years), the CA will not able to add the "not valid after" field of the ToBeSigned certificate created from a template.
Starting on January 2018, the "not valid after" field will exceed the maximum Unix epoch time (January 19, 2038). Due to this, Check Point is setting the certificate expiration date to be equal to the maximum Unix epoch time.