https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245417#M47801 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/64803">@AaronCP</a>&nbsp; this is exactly what I was after as I hadn't yet spent any time investigating myself so thank you.</P><P>&nbsp;</P> Tue, 01 Apr 2025 21:16:43 GMT cdav 2025-04-01T21:16:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/156517#M26851 <P>Hi All!</P><P><SPAN>The Generic Data Center resource has certificate issued by 3rd party CA (internal CA). During connection procedure we need to approve certificate. The issue is the expiration time of the certificate is 4 days due to some internal reasons. Every 4 days the certificate expired and the Data Center is not available. New approval is needed after that. How we can avoid the situation with every 4 days approvals? May be we can add the CA to trusted or some how else?</SPAN></P> Mon, 05 Sep 2022 13:16:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/156517#M26851 k_schekotoff 2022-09-05T13:16:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245319#M47780 <P>Is anyone able to provide information here? I am looking to utilise generic data center object and the file would be hosted somewhere that would require TLS.</P> Tue, 01 Apr 2025 07:54:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245319#M47780 cdav 2025-04-01T07:54:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245383#M47790 <P>Have you tried adding the relevant CA to the trusted store?<BR />This is configured with HTTPS Inspection, which has to be done in SmartDashboard prior to R82.<BR />Otherwise, you'd have to ask TAC.</P> Tue, 01 Apr 2025 15:37:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245383#M47790 PhoneBoy 2025-04-01T15:37:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245398#M47792 <P>Hey <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/37333">@cdav</a>,</P> <P>I referenced this issue on&nbsp;<A href="https://community.checkpoint.com/t5/Cloud-Network-Security/Azure-Data-Center-Objects-Inaccessible/m-p/244722#M5283" target="_blank" rel="noopener">this thread</A>&nbsp;recently. It's operating as designed - if you were targeting a JSON file hosted on an external GitHub repo for your IP feed, if the certificate changes, you'd want to update the certificate to avoid any secuirty issues. As a result, the gateway will clear the object cache until you accept the new certificate, impacting traffic in the process.</P> <P>This is a current concern of ours. We're starting to use more of these objects in our production firewall policies to enable application owners to automate traffic flows specific to their application. It's become crucial we track certificate expiry dates to avoid impact in production. I've got an open SR with our Diamond Engineer to investigate possible workarounds to this issue. I'll update this thread if I get anywhere with it!</P> Tue, 01 Apr 2025 18:44:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245398#M47792 AaronCP 2025-04-01T18:44:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245417#M47801 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/64803">@AaronCP</a>&nbsp; this is exactly what I was after as I hadn't yet spent any time investigating myself so thank you.</P><P>&nbsp;</P> Tue, 01 Apr 2025 21:16:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Generic-Data-Center-HTTPS-connection/m-p/245417#M47801 cdav 2025-04-01T21:16:43Z