Re: [FW-1] Certificate error!

Subject:	Re: [FW-1] Certificate error!
From:	Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Fri, 28 Oct 2005 07:56:13 +0200

hi,

Cesar wrote how to set SIC - however, maybe youhave a problem with the date&time on one of yourboxes. please check system date on your mgmt and module


cheers
reinhard

At 04:28 28.10.2005, you wrote:

This is an error caused, because secure internal communication (SIC) is
spoiled, and you have to renew it, to execute this process please follow
this steps:
At your Nokia, execute the following command "Nokia [admin]# cpconfig"
Choose the option where says " Secure Internal Communication" it will ask if
you want to continue
Configuring Secure Internal Communication...
============================================
The Secure Internal Communication is used for authentication between
Check Point components

Trust State: Trust established

Would you like re-initialize communication? (y/n)

Choose "y" this will renew it at your firewall (after the process finish,
the box will reboot)

Then at you SmartCenter, go to the properties of your checkpoint host
(console) and at general properties, push "Communication", then a box  in
another window appears and you can reestablish SIC.

After finishing, reinstall your policies.

Regards,
Cesar Berho

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Harold
Rugama C
Sent: Miércoles, 26 de Octubre de 2005 06:27 p.m.
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Certificate error!

Hello Mailing list users,

Thank you all for your support, all your ideas gave several ways to solve
this inconvenience.

But now I'm frustrated!, I don't know what to do!

When I'm trying to compile my base rule, everything is great but when I
tried to installed them at my IP350, an error pop up.

Stating:

Advanced Security:

Reason: SIC is not initialized either at the SmartCenter Server or the
peer [ SIC error no. 119 ] check that SIC is configured both on
SmartCenter Server and peer, and that both have valid SIC certificates.

With my SmartDash Board I click on properties and then General Properties
option, then at the Communication buttom, it says Trust establish, but
when I click the "TEST SIC STATUS" button an error shows up stating:

SIC Status for nip350-fw1:        Not Communicating

Internal SSL authentication error [ Certificate chain is inconsistent ]


What is this???, someone has an idea how can I solve this???

Regards,

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


--
Reinhard Stich  ASSIST  R.Stich AT internet-security DOT at
Internet Security AG,      1150 Wien, Johnstrasse 29

Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] CheckPoint on SunFire V40z, Lindolfo Alves Re: [FW-1] CheckPoint on SunFire V40z, Russell Aspinwall Re: [FW-1] CheckPoint on SunFire V40z, Jon Bagshaw Re: [FW-1] CheckPoint on SunFire V40z, Michael Schwartzkopff [FW-1] Certificate error!, Harold Rugama C Re: [FW-1] Certificate error!, Cesar Berho Re: [FW-1] Certificate error!, Reinhard Stich <= Re: [FW-1] CheckPoint on SunFire V40z, Dan Boucaut, Re: [FW-1] CheckPoint on SunFire V40z, Dan Boucaut,

Previous by Date:	Re: [FW-1] Certificate error!, Cesar Berho
Next by Date:	Re: [FW-1] Cluster using wrong IP address, Hendriks, Michael
Previous by Thread:	Re: [FW-1] Certificate error!, Cesar Berho
Next by Thread:	Re: [FW-1] CheckPoint on SunFire V40z, Dan Boucaut,
Indexes:	[Date] [Thread] [Top] [All Lists]