Checkpoint: Regenerate the Internal CA

Regenerate the Internal CA Without Breaking SIC

The internal CA certificate expires after 5 years, meaning that if you don’t catch this in time you won’t be able to log into the dashboard or the web UI. You can of course reset SIC on the command line using cpconfig but you will have to re-establish SIC with all your gateways which may be a lot of bother – besides that, any site-to-site or client certificate-based VPNs will also break. This article describes how to regenerate the internal CA without breaking SIC.

This is done on the command line and once completed (a matter of 5 minutes or less) then you will be able to log back in with SmartDashboard and push policies to all your managed gateways; all your certificate-based VPN operations will, quite happily, be none the wiser.

This example is from a R75.20 installation but is common to all up to R77.xx.

On the management station:

Enter expert mode and issue the following commands:

  1. Find the path to your existing (expired) certificate:
    [Expert@mgmt]# find / -name "sic_cert.p12"
    /var/opt/CPshrd-R75.20/conf/sic_cert.p12
    [Expert@mgmt]
  2. Revoke the certificate:
    [Expert@mgmt]# cpca_client revoke_cert -n “CN=cp_mgmt”
  3. Create a new certificate based on the old one
    cpca_client create_cert -n “CN=cp_mgmt” -f /var/opt/CPshrd-R75.20/conf/sic_cert.p12
  4. Restart your Checkpoint services
    [Expert@mgmt]# cpstop 
    [Expert@mgmt]# cpstart

You should now be able to log in with SmartDashboard and everything else which relies on SIC!

Android: ‘Secret’ Service Codes

*#*#4636#*#* Displays information about Phone Battery and Usage statistics
*#*#7780#*#* Resets your phone to factory state – only deletes application data and applications
*2767*3855# Wipes the handset and re-installs firmware
*#*#34971539#*#* Displaysinformation about the camera
*#*#7594#*#* Changes the power button behavior – enables direct power-off once the code is enabled
*#*#273283*255*663282*#*#* Backs up all media files
*#*#197328640#*#* Enables test mode for service activity
*#*#232339#*#* or *#*#526#*#* or *#*#528#*#* Wireless Lan Tests
*#*#232338#*#* Displays Wi-Fi Mac-address
*#*#1472365#*#* Quick GPS test
*#*#1575#*#* A different type of GPS test
*#*#0283#*#* Packet Loopback test
*#*#0*#*#* LCD display test
*#*#0673#*#* or *#*#0289#*#* Audio test
*#*#0842#*#* Vibration and Backlight test
*#*#2663#*#* Displays touch-screen version
*#*#2664#*#* Touch-Screen test
*#*#0588#*#* Proximity sensor test
*#*#3264#*#* Ram version
*#*#232331#*#* Bluetooth test
*#*#7262626#*#* Field test
*#*#232337#*# Displays bluetooth device address

If anyone has any more, please let me know and I’ll add them to the list!

Android: Google Nexus S – “Phone Number Unknown” (same for other ‘droid phones)

Sometimes SIMs are delivered without their own phone number hard-coded into it. While this is not necessarily an issue regarding functionality, it can have a few aesthetic repercussions, namely that your own contact picture does not show up in SMS / chat threads and the like.

With Android, you are not able to edit the SIM directly and therefore you will need to put your SIM into another phone, program the number in and then move it back over to your ‘droid handset.

There are a whole bunch of handsets that will allow you to do this, I personally used a Blackberry Storm:

Options > Advanced Options > Sim Card > Edit SIM Phone Number

Enter +44xxxxxxxxxxx (insert your number for the Xs)

And there you go!

Vodafone Forum thread on the subject can be found here:

http://forum.vodafone.co.uk/t5/Google-Nexus/Nexus-One-Phone-Number-Unknown/td-p/396799

Exit mobile version
%%footer%%