How to determine SIC Certificate expiration date

From cpwiki.net
Revision as of 15:43, 12 April 2013 by Nighthawk (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Check Point Profressional Services

How to determine SIC Certificate expiration date

Solution ID: sk62873 Product: SecurePlatform Version: R70, R71, R75 OS: SecurePlatform, SecurePlatform 2.6, Windows Platform: All Last Modified: 11-Aug-2011

Did this solution solve your problem? [Click on the stars to rate] Solution

If you want to determine the SIC Certificate Expiration date you can view your certificates by running the following command via the management server:

[Expert@mgmt]# cpca_client lscert
    • NOTE: This command only works on R65 HFA50 and above.
===========================================

EXAMPLE OUTPUT:

Operation succeeded. rc=0. 4 certs found.

Subject = CN=mgmt,O=mgmt..bbqdkc Status = Valid Kind = SIC Serial = 37748 DP = 0 Not_Before: Sun Apr 3 09:50:11 2011 Not_After: Sat Apr 2 09:50:11 2016

Subject = CN=cp_mgmt,O=mgmt..bbqdkc Status = Valid Kind = SIC Serial = 42070 DP = 0 Not_Before: Sun Apr 3 09:50:06 2011 Not_After: Sat Apr 2 09:50:06 2016

Subject = CN=gw,O=mgmt..bbqdkc Status = Valid Kind = SIC Serial = 10659 DP = 0 Not_Before: Wed Apr 20 23:42:35 2011 Not_After: Tue Apr 19 23:42:35 2016

Subject = CN=gw,O=mgmt..bbqdkc Status = Revoked Kind = SIC Serial = 8013 DP = 0 Not_Before: Sun Apr 3 10:28:55 2011 Not_After: Sat Apr 2 10:28:55 2016

===========================================

The output can be further filtered using the following optional switches together with the lscert option.

[-stat Pending|Valid|Revoked|Expired|Renewed]

and

[-kind SIC|IKE|User|LDAP]

A SIC Cert is valid for 5 years from creation(true in older check point versions?)