ProxyOps
Contributor

ACME Support in Check Point products | SSL/TLS certificate lifespans reduced to 47 days by 2029

Hello Checkmates!

As you may have already heard, the CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.

We are currently replacing our certificates via cpopenssl yearly by hand, but this is no longer feasible when the lifespans will be reduced every year now until 2029.

Are there already out of the box solutions in the Check Point product suite for protocols like ACME to support auto renewal of certificates in Check Point products?

Best regards


2 Solutions

Accepted Solutions
PhoneBoy
Admin

I know we have REST API support for changing certificates used for HTTPS Inspection as well as some of the certificates on the gateway itself in R82.
That's not ACME support, of course.
I recommend engaging with your local Check Point office with your precise requirements.


Alex-
Leader

Read about this today too, the changes will be phased as follows:

  • March 15, 2026: Newly issued certificates, including their Domain Control Validation, aka DCV, will have to be renewed every 200 days.
  • March 15, 2027: That lifespan will go down to 100 days.
  • March 15, 2029: New SSL/TLS certificates will be limited to 47 days, and 10 days for DCVs.


4 Replies
the_rock
Legend

Read about it yesterday, was having a hard time believing it was true, but it definitely is.

Andy

0 Kudos
Nüüül
Advisor

I second this. Would be great to configure the multiportal daemon to present ACME certificates and renew them automatically. Something completely different from HTTPS inspection.

It would be great to be able to have an option on several portals independent from each other (perhaps per hostname instead of port), and in SmartConsole / mgmt API, like saml-vpn, sslvpn, usercheck and so on.
