Serhii_Yaholnyt
Contributor

Is it possible to install trusted CA certificates automatically?

Hi all.
I was looking for a way to install trusted CA certificates automatically, and all I have found is sk64521. It says how to download trusted CA certificates automatically, but there is nothing about automatic installation. Why did CheckPoint decide to make this step manual? Why can it not just be installed silently with the security policy, without the administrator's intervention?

6 Replies
G_W_Albrecht
Legend

The cited sk states the following:

To perform an automatic update of Trusted CAs on Security Gateway:

Note: This option is available starting in SmartDashboard R75.40.

...

This option is selected by default. Updates for the trusted CA list and Blacklist are automatically downloaded to the Security Gateway. You are notified if there is an available update. If you clear this checkbox, you disable the automatic updates.

So it is not clear to me why you ask that at all!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Serhii_Yaholnyt
Contributor

It notifies when updates are downloaded and ready for installation, but I want it to be installed without the administrator pressing the "install now" button. I do not understand why it has to use the old trusted CA database if the administrator did not do it.

G_W_Albrecht
Legend

To be honest: I would not want that. Because when, after a silent install, I experience troubles, I will not know what has caused them...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Serhii_Yaholnyt
Contributor

I think it is a trivial task and it should not lead to any problems. Besides, I do not understand what problems can be caused by updating the trusted certificates list.

PhoneBoy
Admin

Note that updating the CA store requires installing the Access Policy to take effect.

This has impacts above and beyond merely updating the CA store, which is why this is not done automatically.

If you wish, you can use cron to automate a periodic policy push.

There is expected to be a way to set an automatic Access Policy push in SmartConsole in R80.20.

Serhii_Yaholnyt
Contributor

Hi.

But anyway, I have to install the updates for the trusted CAs and only after that install policy. So I am talking not about automatic policy installation but about automatic trusted CA update installation. It could be installed silently or with a notification about it, and after that, when the administrator pushes policy, he will know that trusted CA updates are being installed in addition.

We had an issue with HTTPS Inspection: the site's root CA was not in CheckPoint's trusted CA list, and when a user tried to access the site, he saw a self-signed certificate in the browser (the certificate was expected to be signed with CheckPoint's imported one). The issue was solved by updating the trusted CAs. So we want to make this process as automatic as possible to avoid such situations in the future.
