Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Change the IP address on Clients

Posted on 2008-10-01
2
478 Views
Last Modified: 2013-11-16
Our company network consists of a few hundred laptops all of which have Checkpoint VPN configured with the site IP.

We are moving out datacentre and will need to update the IP on all of our laptops. I want to deploy a script remotely which will transparently update the site IP address. The script works however it causes a certificate problem and the users would be unable to connect.

If the laptop connects to VPN while still on the LAN after the change the certificate problem is not an issue. However we cannot expect all users to be able to do that.

Is there anyway to update the certificate at the same time as running the script. It would be even nicer if there was a checkpoint tool.

I appreciate all your help.
0
Comment
Question by:Lotok
2 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22614710
In order to update the cert, you would have to issue a new one.  This is presuming that it was issued to the IP address and that the clients connect to that IP address instead of an FQDN.  If you have a DNS name, you might consider issuing to that instead and having the IP address as a SAN (Subject Alternate Name) - many commercial CA's will allow you to do this, if you don't see it just look at their FAQ or contact their support for specifics.  Essentially, whatever address is entered is what needs to match the cert.

As this is a purposeful change, I would not expect that they would reissue under your previous order - you would have to purchase a new cert.  However, it never hurts to ask - since the cert is for the same box there may be some vendors that might accept that as a free reissuance.

If this is your own CA, I will presume a Microsoft CA - when you pass the CSR through the Certsrv page, there is an Attributes box that you can use to enter SAN:IP=192.168.0.1 (or SAN:DNS=vpn.yourdomain.com)

Certs are used by software, the software creates the CSR but does not have a way to 'update' it, so to speak, without the help of the CA.  There may be an update or replace function in most softwares, but that is just handling the new cert vs the old, not actually doing it to itself.

If this is a self signed cert, then just go through the process to create a new self signed cert and push that to clients as you would have done before, presumably GPO.

If you need anything more specific, let me know.
0
 
LVL 8

Author Closing Comment

by:Lotok
ID: 31501972
Concluded from your info and our network guys, it cant be done as I intended. Sorry for late close, been away.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Firewall blocking images 4 79
Cisco ASA LDAP Authentication for VPN and Management 8 39
RRAS computer has too many IP addresses 24 20
Configure BGP 22 11
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question