Support Center > Search Results > SecureKnowledge Details
Secondary MDS and MLM are unable to renew certificate Technical Level
Symptoms
  • Secondary MDS or MLM can't renew management certificate.
    If MDS/MLM failed to renew a management certificate until end of graceful renewal period, the clients trying to connect to MDS/MLM in question would get error: "Certificate is revoked".
  • cpd.elg shows:
    [CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] sicRenew: SIC Renewal: Cannot renew SIC certificate. Failed to initialize renewal protocol with the ICA.
    [CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] sicRenew: Try to restart all Check Point processes.
    [CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] Renew_SIC_Cert_cb: CPD failed to renew sic certificate. status = 3, rc - -1.
    [CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] Renew_SIC_Cert_cb: Will try again in 1 hour.
  • 'sicRenew -d' shows:
    [16 Jan 22:39:07] Get_mngmt_IP: Running on a standby management will look for active one.
    [16 Jan 22:39:07] CreateStrList: Invalid list size, 0.
    [16 Jan 22:39:07] RenewSICCert: Failed getting management IP list.
    [16 Jan 22:39:07] SIC Renewal: Cannot renew SIC certificate. Failed to initialize renewal protocol with the ICA.
Solution
Note: To view this solution you need to Sign In .