Solved

Change the IP address on Clients

Posted on 2008-10-01
Last Modified: 2013-11-16
Our company network consists of a few hundred laptops, all of which have Checkpoint VPN configured with the site IP.

We are moving our datacentre and will need to update the IP on all of our laptops. I want to deploy a script remotely which will transparently update the site IP address. The script works; however, it causes a certificate problem and the users would be unable to connect.

If the laptop connects to VPN while still on the LAN after the change, the certificate problem is not an issue. However, we cannot expect all users to be able to do that.

Is there any way to update the certificate at the same time as running the script? It would be even nicer if there was a Checkpoint tool.

I appreciate all your help.
Question by:Lotok

Accepted Solution

by:
Paranormastic earned 1000 total points
ID: 22614710
In order to update the cert, you would have to issue a new one. This is presuming that it was issued to the IP address and that the clients connect to that IP address instead of an FQDN. If you have a DNS name, you might consider issuing to that instead and having the IP address as a SAN (Subject Alternative Name) - many commercial CAs will allow you to do this; if you don't see it, just look at their FAQ or contact their support for specifics. Essentially, whatever address is entered is what needs to match the cert.

As this is a purposeful change, I would not expect that they would reissue under your previous order - you would have to purchase a new cert.  However, it never hurts to ask - since the cert is for the same box there may be some vendors that might accept that as a free reissuance.

If this is your own CA, I will presume a Microsoft CA - when you pass the CSR through the Certsrv page, there is an Attributes box that you can use to enter SAN:IP=192.168.0.1 (or SAN:DNS=vpn.yourdomain.com)

Certs are used by software; the software creates the CSR but does not have a way to 'update' it, so to speak, without the help of the CA. There may be an update or replace function in most software, but that is just handling the new cert vs the old, not actually doing it to itself.

If this is a self signed cert, then just go through the process to create a new self signed cert and push that to clients as you would have done before, presumably GPO.

If you need anything more specific, let me know.
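
The matching rule described in the answer above, shown as an added example that is not part of the original answer and uses OpenSSL rather than Check Point or Microsoft CA tooling. The addresses, the FQDN and the helper names `make_cert`, `cert_matches` and `report` are constructed for illustration.

```shell
#!/bin/sh
# Constructed values (documentation ranges / example.com), not from the page.
OLD_IP=192.0.2.10          # gateway address before the datacentre move
NEW_IP=198.51.100.20       # gateway address after the move
VPN_FQDN=vpn.example.com   # hypothetical DNS name for the gateway

# make_cert OUT SAN: write a throwaway self-signed cert with the given SAN list.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vpn-gateway" -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# cert_matches CERT host|ip VALUE: true when the cert covers VALUE.
# openssl x509 exits 0 either way, so the printed verdict is what is tested.
cert_matches() {
    openssl x509 -in "$1" -noout "-check$2" "$3" |
        grep -q 'does match certificate'
}

# report CERT: show which client-side site addresses the cert would satisfy.
report() {
    cert=$1
    for target in "ip:$OLD_IP" "ip:$NEW_IP" "host:$VPN_FQDN"; do
        kind=${target%%:*}
        value=${target#*:}
        if cert_matches "$cert" "$kind" "$value"; then
            printf '  %-16s match\n' "$value"
        else
            printf '  %-16s NO MATCH\n' "$value"
        fi
    done
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_cert "$work/ip_only.pem" "IP:$OLD_IP"
make_cert "$work/fqdn.pem" "DNS:$VPN_FQDN,IP:$OLD_IP"

echo "Cert issued to the old IP only:"
report "$work/ip_only.pem"
echo "Cert issued to the FQDN with the old IP as a SAN:"
report "$work/fqdn.pem"
```

Neither certificate covers the new IP, but the second one still matches the FQDN, so clients configured with the name rather than the address keep validating after the move once DNS points at the new address.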

Author Closing Comment

by:Lotok
ID: 31501972
Concluded from your info and our network guys, it can't be done as I intended. Sorry for late close, been away.