Certificate error when setting up Checkpoint box
I'm trying to add a new Checkpoint box to report into our Envision setup. We decided to go with SSLCA authentication, so I made it to the point where the following command needs to be run from the LC:
OPSEC_pull_cert –h 192.168.1.1 –p password –n enVision_OPSEC
However, after running that command, I get the following error:
Opsec error. rc=-1 err=-93 The referred entity does not exist in the Certificate Authority.
I was able to add a second Checkpoint box fine using this same method, but for some reason, this particular one is being troublesome.
Any ideas as to what could be causing this error?
I am receiving the same error and found Solution ID a36558 on RSA's SecureCare Online Knowledgebase, but it doesn't actually tell you how to fix the issue. In my case it says that the cause is "The SIC communication with the adapter is already in the ''Trust established'' mode."
Anyone know how to fix the fact that the adapter is already in the "Trust established" mode? I have 2 other Check Point systems setup and working properly but repeating the process on this third one is failing. I have it configured with:
- Authentication connection: NG Server Authentication
- Authentication type: sslca
Thanks in advance!
Our firewall admin reset the SIC on the Check Point firewall and installed policy to apply the change. That fixed it on the enVision side so I was able to run the OPSEC_pull_cert properly.