There is more than 1 certificate for every Internal CA.
This causes the CMA not to recognize the other CMA's ICAs.
This problem was fixed. The fix is included in:
Check Point recommends always upgrading to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).
If you do not wish to upgrade, delete the duplicate certificates in the DB.
- Take a snapshot (important!) before executing the script.
- Download RemoveDuplicateInternalCACertificates.tgz
- Move the tgz file to the machine's home directory.
- Extract the RemoveDuplicateInternalCACertificates.groovy script
- Assign the required permissions:
# chmod +x RemoveDuplicateInternalCACertificates.groovy
- Run the script:
# $MDS_FWDIR/scripts/run_groovy_script.sh ~/RemoveDuplicateInternalCACertificates.groovy
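
A pre-extraction check for the extract and chmod steps above, as an added example that is not part of Check Point's article or script package. It assumes the archive contains only the .groovy file named in the steps and refuses to extract anything else; the function name extract_ica_fix is hypothetical.

```shell
#!/bin/sh
# Added example, not Check Point code. Assumption: the archive holds exactly
# one member, the .groovy script named in the steps above.
SCRIPT_NAME="RemoveDuplicateInternalCACertificates.groovy"

# extract_ica_fix ARCHIVE DESTDIR   (hypothetical helper name)
# Prints the path of the extracted script. Returns non-zero, and extracts
# nothing, if the archive listing is not exactly the expected single file.
extract_ica_fix() {
    archive=$1
    destdir=$2

    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 1; }
    [ -d "$destdir" ] || { echo "no such directory: $destdir" >&2; return 1; }

    # List members without extracting; a corrupt archive fails here.
    members=$(tar -tzf "$archive") || { echo "unreadable archive" >&2; return 1; }

    # Accept "name" or "./name" only: no extra files, no sub-paths, no "..".
    case "$members" in
        "$SCRIPT_NAME"|"./$SCRIPT_NAME") ;;
        *) echo "unexpected archive contents:" >&2
           printf '%s\n' "$members" >&2
           return 1 ;;
    esac

    tar -xzf "$archive" -C "$destdir" || return 1

    # The member must be a regular file, not a symlink to something else.
    if [ -L "$destdir/$SCRIPT_NAME" ] || [ ! -f "$destdir/$SCRIPT_NAME" ]; then
        rm -f "$destdir/$SCRIPT_NAME"
        echo "extracted member is not a regular file" >&2
        return 1
    fi

    chmod +x "$destdir/$SCRIPT_NAME" || return 1
    printf '%s\n' "$destdir/$SCRIPT_NAME"
}

# Stand-alone use: sh this_file.sh ARCHIVE [DESTDIR]  (DESTDIR defaults to $HOME)
if [ "$#" -ge 1 ]; then
    extract_ica_fix "$1" "${2:-$HOME}"
fi
```

Once the function prints the script path, take the snapshot and run the script with the run_groovy_script.sh command from the last step.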