- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi all,
So, we are trying to connect to the teapi and getting an error on our self-signed certificate is not trusted.
Where do I export my manager's certificate & how can I code this (python) so it is trusted rather than ignored?
At least for fresh installs of recent versions (e.g. R81.20), the CA should be valid until end of 2037.
You can verify this by viewing the internal_ca object (under Servers > Trusted CA in the Objects Explorer).
It's not the certificate necessarily, it's the Certificate Authority (which is presumably the ICA).
You might need to use the ICA Management Tool to get it: https://support.checkpoint.com/results/sk/sk30501
Coding acceptance of this in Python is a separate question.
The developers would prefer to use a wildcard certificate rather than use the CA, becuase they think it will be more of a security risk and harder to manage changes. Is there a way to use my gateway's certificate (signed), https://hostname.my.domain:18194/teapi/etc and force the api to use it instead of the ica reference to my manager?
It appears the teapi leverages UserCheck, which has a portal certificate you can replace.
See: https://support.checkpoint.com/results/sk/sk113599
Isn't usercheck exclusively for browser connectivity vs a python script to 18194?
That makes more sense as UserCheck is used for the "user facing" parts of Threat Emulation/Extraction.
The SK I linked suggests that the relevant Internal CA is what you need to trust as that's how it is configured in SmartEndpoint.
Don't believe there is a supported way to change the API endpoint certificate.
I agree, that I need to trust the ICA. Does that change every year now?
At least for fresh installs of recent versions (e.g. R81.20), the CA should be valid until end of 2037.
You can verify this by viewing the internal_ca object (under Servers > Trusted CA in the Objects Explorer).
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY