Support Center > Search Results > SecureKnowledge Details
How to renew SIC certificate for Security Management Server / Multi-Domain Security Management Server Technical Level
Solution

First, take a backup or snapshot of the machine.

 

For Security Management Server

  1. Verify that the "cpca" process is up and running:

    [Expert@HostName]# ps auxw | grep -v grep | grep cpca

  2. Back up the existing certificate:

    • For Linux / UNIX:
      [Expert@HostName]# cp $CPDIR/conf/sic_cert.p12{,_BACKUP}
    • For Windows:
      1. Go to %CPDIR%\conf\ folder

      2. Create a copy of sic_cert.p12 file

  3. Run the sicRenew -d command.

  4. Stop Check Point services: [Expert@HostName]# cpstop

  5. Rename the new certificate:

    [Expert@HostName]# mv $CPDIR/conf/new_sic_cert.p12  $CPDIR/conf/sic_cert.p12 

  6. Start Check Point services: [Expert@HostName]# cpstart

    Note: Restart of Check Point services is necessary to update the cache of processes running on the Security Management Server with the new SIC certificate details.

 

For Multi-Domain Management CMA / Domain Management Server

  1. Verify that the "CPCA" process is up and running in the relevant context:

    [Expert@HostName]# mdsstat

  2. Switch to the relevant context:

    • For MDS: [Expert@HostName]# mdsenv

    • For CMA/Domain: [Expert@HostName]# mdsenv <CMA/Domain_Name>

  3. Back up the existing certificate:

    [Expert@HostName]# cp $CPDIR/conf/sic_cert.p12{,_BACKUP}

  4. Run the sicRenew -d command.

  5. Stop Check Point services in the relevant context:

    • For MDS: [Expert@HostName]# mdsstop -m

    • For CMA/Domain: [Expert@HostName]# mdsstop_customer <CMA/Domain_Name>

  6. Rename the new certificate:

    [Expert@HostName]# mv $CPDIR/conf/new_sic_cert.p12 $CPDIR/conf/sic_cert.p12 

  7. Start Check Point services in the relevant context:

    • For MDS: [Expert@HostName]# mdsstart -m

    • For CMA/Domain: [Expert@HostName]# mdsstart_customer <CMA/Domain_Name>

    Note: Restart of Check Point services is necessary to update the cache of processes running on the Security Management Server with the new SIC certificate details. 

 

Related solutions:

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment