cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Is it possible to install trusted CA certificates automatically?

HI all.
I was looking for a way to install trusted CA certificates automatically and all I have found is sk64521. It says how to download trusted CA certificates automatically but there is nothing about automatic installation. Why CheckPoint decided to make this step manual? Why it can not just be installed with security policy silently without administrator's intervention?

6 Replies

Re: Is it possible to install trusted CA certificates automatically?

The cited sk states the following:

To perform an automatic update of Trusted CAs on Security Gateway:

Note: This option is available starting in SmartDashboard R75.40.

...

This option is selected by default. Updates for the trusted CA list and Blacklist are automatically downloaded to the Security Gateway. You are notified if there is an available update. If you clear this checkbox, you disable the automatic updates.

So it is not clear to me why you do ask that Smiley Happy at all !

Re: Is it possible to install trusted CA certificates automatically?

It notifies when updates are downloaded and ready for installation but I want it to be installed without administrator's pressing "install now" button, I do not understand why it has to use old trusted CA database if administrator did not do it.

0 Kudos

Re: Is it possible to install trusted CA certificates automatically?

To be honest: I would not want that. Because when after a silent install i experience troubles i will not know what has caused them...

Re: Is it possible to install trusted CA certificates automatically?

I think it is trivial task and it should not lead to any problems. Besides, I do not understand, what problems can be caused by updating trusted certificates list.

0 Kudos
Admin
Admin

Re: Is it possible to install trusted CA certificates automatically?

Note that updating the CA store requires installing the Access Policy to take effect.

This has impacts above and beyond merely updating the CA store, which is why this is not done automatically.

If you wish, you can use cron to automate a periodic policy push.

There is expected to be a way to set an automatic Access Policy policy push in SmartConsole in R80.20.

Re: Is it possible to install trusted CA certificates automatically?

   Hi.

   But anyway i have to install updates for trusted CA and only after that to install policy. So i am talking not about automatic policy installation but about automatic trusted CA update installation. It could be installed silently or with notification about it and after that when administrator will be pushing policy, he will know, that trusted CA updates are installing in addition. 

   We had an issue with HTTPS Inspection: site's root CA was not in trusted CA list of CheckPoint, and when user was trying to get access to site, in browser he saw self-signed certificate(expected that certificate had to be signed with CheckPoint's imported one). Issue was solved by updating trusted CA. So, we want to make this process maximally automatic to avoid such situations in future.

0 Kudos