i also have taken this to checkpoint support, and they said i should submit a RFE via checkpoint office...

...funny thing is that they don't seem to know there own product, because with R82 API you can already do all the needed certificate settings...

see https://sc1.checkpoint.com/documents/latest/APIs/index.html?#cli/set-simple-cluster~v2.0.1

for example:

add via api:
mgmt_cli --root true set simple-cluster name "CLUSTER" vpn-settings.certificates.add.name "testcertdeleteme" vpn-settings.certificates.add.certificate-authority "HARICA_TLS_RSA_Root_CA_2021" vpn-settings.certificates.add.enrollment.enrollment-settings.distinguished-name "CN=commonname.com,O=Org,ST=Vienna,C=AT" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.1.name-type "fqdn" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.1.value "3.commonname.com" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.2.name-type "fqdn" vpn-settings.certificates.add.enrollment.enrollment-settings.alternate-names.2.value "firewall.commonname.com"

remove via api:
mgmt_cli --root true set simple-cluster name "CLUSTER" vpn-settings.certificates.remove "cername_exp20251113" ignore-warnings "true"

usercheck portal would be:

mgmt_cli --root true set simple-cluster name "CLUSTER" usercheck-portal-settings.certificate-settings

so if you have the certificate via acme, you can import it via api, at least on R82