Pushing VSX configuration fails with "The certificate is not valid"
Symptoms
  • Pushing configuration to a Virtual System fails:

    Checking connection with VSX
    Generating VSX Configuration for XXX on XXX.
    Pushing VSX Configuration to <VS_NAME>.
    <VS_NAME>: error :Virtual System cannot be created 
    <VS_NAME>: VSX configuration was applied successfully.
    Virtual System Processing Completed Successfully
    Establishing Trust with - <Object_Name> ...
    The certificate is not valid.
    Failed to establish trust with <Object_Name> - 
    
    Initiating trust with Virtual System operation has finished with warnings.
             Make sure that all Virtual Systems/Routers are accessible from the management server,
             and that you have a valid license. Edit the failed object and click OK.
             If the problem persists contact Check Point Technical Support.
    
  • Renewing the certificate on the Virtual System or resetting SIC does not resolve the issue.

  • Output of [Expert@HostName]# cpca_client lscert -dn "CN=" on the Management Server shows that the relevant certificate is in 'Pending' status.
  • Output of [Expert@HostName]# vsx stat -v on the VSX shows that the relevant Virtual System is in 'Untrust' status.
Cause

The Management Server pushes the SIC certificate to the Virtual System using port 18211 (service FW1_ica_push).

The Virtual System pulls the SIC certificate from its Management Server using port 18210 (service FW1_ica_pull).

If connectivity is not allowed on these ports in the corresponding direction, the Management Server cannot push the certificate and the Virtual System cannot pull it.
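
To confirm this cause from each side, test whether a TCP handshake to the peer completes on the port that side depends on. The script below is an added example, not Check Point tooling or part of the original article; it assumes bash (for /dev/tcp) and the coreutils timeout command are available, and the role names mgmt and vs, the function names and the peer address are illustrative.

```shell
#!/bin/bash
# Added example (not Check Point tooling): test the two SIC certificate paths
# named in the Cause section. Role names and functions are illustrative.

PUSH_PORT=18211   # FW1_ica_push: Management Server -> Virtual System
PULL_PORT=18210   # FW1_ica_pull: Virtual System -> Management Server

# sic_port <role>: print the destination port this side must reach.
#   mgmt = running on the Management Server, peer is the Virtual System
#   vs   = running in the Virtual System context, peer is the Management Server
sic_port() {
    case "$1" in
        mgmt) echo "$PUSH_PORT" ;;
        vs)   echo "$PULL_PORT" ;;
        *)    return 2 ;;
    esac
}

# tcp_open <host> <port> [seconds]: succeed only if the TCP handshake completes.
# Assumes bash (/dev/tcp) and coreutils timeout are installed.
tcp_open() {
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# check_sic_path <role> <peer>: report the result for the port that matters
# from this side. The ( ) body runs in a subshell, so exit only ends the function.
check_sic_path() (
    port=$(sic_port "$1") || { echo "usage: $0 mgmt|vs <peer-ip>" >&2; exit 2; }
    if tcp_open "$2" "$port"; then
        echo "OK: $2 port $port reachable"
    else
        echo "BLOCKED: $2 port $port not reachable (filtered, refused or timed out)"
        exit 1
    fi
)

# Run the check only when called with a role and a peer address.
if [ "$#" -eq 2 ]; then
    check_sic_path "$1" "$2"
fi
```

On the VSX, run the vs check from the context of the affected Virtual System so the test uses that Virtual System's routing. A completed handshake shows only that the port is reachable; it does not prove that trust was established.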

