How to renew Internal CA certificate
Symptoms
  • CPM process is down after upgrade from R77.XX to R80.x.

  • The cpm.elg file shows:

    Caused by: com.checkpoint.infrastructure.utils.runtime.CpAssertionError: failed to load SIC cert file
    at com.checkpoint.infrastructure.utils.runtime.CpAssert$DefaultAssertionErrorCreator.createAssertionError(CpAssert.java:1)

  • "Signature Algorithm" section of Internal CA certificate shows 2 different values.
    To view Internal CA certificate, run:

    cpopenssl pkcs12 -in $FWDIR/conf/InternalCA.p12 -nokeys -nomacver -passin pass: | cpopenssl x509 -noout -text

  • The Internal CA certificate is expired or almost expired.
    To view the expiration date run:

    cpopenssl pkcs12 -in $FWDIR/conf/InternalCA.p12 -nokeys -nomacver -passin pass: | cpopenssl x509 -noout -enddate

  • CPM-Doctor test: "Certificates Expiration Check"
    fails with the error message: "Certificate <> has expired" or "Certificate <> is about to expire in one year"
    For those who are not familiar with CPM-Doctor, check sk117219.
Cause

The Internal CA certificate format is not supported by Java, or the certificate is expired (or almost expired) and needs to be renewed.
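
Both certificate checks from the Symptoms list can be scripted. The following is an added example, not part of the original article or of Check Point's tooling: it parses the output of the two `cpopenssl` commands above, assuming the standard OpenSSL text layout. The function names, the 365-day threshold (taken from the CPM-Doctor "one year" message) and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, threshold and sample text are constructed.

# stdin: `x509 -noout -text` output. Prints MATCH, MISMATCH or UNKNOWN
# depending on how many distinct "Signature Algorithm:" values appear.
sig_alg_status() {
    awk -F': *' '/Signature Algorithm:/ { sub(/[ \t\r]+$/, "", $2); seen[$2] = 1 }
        END { n = 0; for (a in seen) n++
              print (n == 0 ? "UNKNOWN" : n == 1 ? "MATCH" : "MISMATCH") }'
}

# stdin: `x509 -noout -enddate` output. $1: today as YYYY-MM-DD (default: now, UTC).
# Prints whole days until notAfter; negative means already expired.
days_left() {
    awk -v today="${1:-$(date -u +%Y-%m-%d)}" '
        # Days since 1970-01-01 for a Gregorian calendar date.
        function days(y, m, d,   era, yoe, doy) {
            if (m <= 2) y--
            era = int(y / 400); yoe = y - era * 400
            doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
            return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
        }
        /^notAfter=/ {
            sub(/^notAfter=/, ""); split($0, f, " "); split(today, t, "-")
            m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", f[1]) + 2) / 3
            print days(f[4] + 0, m, f[2] + 0) - days(t[1] + 0, t[2] + 0, t[3] + 0)
        }'
}

# Same inputs as days_left. Prints EXPIRED, EXPIRING (within 365 days), OK or UNKNOWN.
expiry_status() {
    d=$(days_left "$@")
    if [ -z "$d" ]; then echo UNKNOWN
    elif [ "$d" -lt 0 ]; then echo EXPIRED
    elif [ "$d" -le 365 ]; then echo EXPIRING
    else echo OK; fi
}

# Constructed sample input, shaped like the output of the commands above.
SAMPLE_TEXT='Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption'
SAMPLE_END='notAfter=Mar 14 09:26:53 2029 GMT'

printf '%s\n' "$SAMPLE_TEXT" | sig_alg_status
printf '%s\n' "$SAMPLE_END" | expiry_status 2028-09-14
```

On the Management Server, pipe the real command output into the functions instead of the samples, for example by appending `| sig_alg_status` to the `-text` command and `| expiry_status` to the `-enddate` command.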


Solution
Note: To view this solution you need to Sign In.