https://community.checkpoint.com/t5/General-Topics/External-Certificates-for-IPSEC-VPN/m-p/256270#M43151 <P>Yes. In summary:</P> <UL data-start="1152" data-end="1326"> <LI data-start="1152" data-end="1207"> <P data-start="1154" data-end="1207"><STRONG data-start="1154" data-end="1175">Site-to-Site VPN:</STRONG> Use <CODE data-start="1180" data-end="1204">show vpn-trusted-certs</CODE>.</P> </LI> <LI data-start="1208" data-end="1326"> <P data-start="1210" data-end="1326"><STRONG data-start="1210" data-end="1232">Remote Access VPN:</STRONG> Check <CODE data-start="1239" data-end="1257">show trusted-cas</CODE>. The actual RA VPN certificate will be signed by one of these CAs.</P> </LI> </UL> <P>Andy</P> Sun, 31 Aug 2025 23:12:11 GMT the_rock 2025-08-31T23:12:11Z https://community.checkpoint.com/t5/General-Topics/External-Certificates-for-IPSEC-VPN/m-p/256254#M43150 <P>Hi,</P><P>I am trying to check the external certificates on the management server for Site to Site VPN and Remote Access will the commands below show these.&nbsp;</P><P>I dont have access to the SmartConsole only on the CLI of management server.</P><P>We are using R81.10 take 172</P><P>mgmt_cli show vpn-trusted-certs -s id.txt</P><P>mgmt_cli show trusted-cas -s id.txt</P><P>&nbsp;</P><P>Thanks.</P><P>&nbsp;</P> Sun, 31 Aug 2025 11:10:11 GMT https://community.checkpoint.com/t5/General-Topics/External-Certificates-for-IPSEC-VPN/m-p/256254#M43150 baby79 2025-08-31T11:10:11Z https://community.checkpoint.com/t5/General-Topics/External-Certificates-for-IPSEC-VPN/m-p/256270#M43151 <P>Yes. In summary:</P> <UL data-start="1152" data-end="1326"> <LI data-start="1152" data-end="1207"> <P data-start="1154" data-end="1207"><STRONG data-start="1154" data-end="1175">Site-to-Site VPN:</STRONG> Use <CODE data-start="1180" data-end="1204">show vpn-trusted-certs</CODE>.</P> </LI> <LI data-start="1208" data-end="1326"> <P data-start="1210" data-end="1326"><STRONG data-start="1210" data-end="1232">Remote Access VPN:</STRONG> Check <CODE data-start="1239" data-end="1257">show trusted-cas</CODE>. The actual RA VPN certificate will be signed by one of these CAs.</P> </LI> </UL> <P>Andy</P> Sun, 31 Aug 2025 23:12:11 GMT https://community.checkpoint.com/t5/General-Topics/External-Certificates-for-IPSEC-VPN/m-p/256270#M43151 the_rock 2025-08-31T23:12:11Z