HTTPS Inspection
Is there any option to update all the trusted CAs list?
Where can I find the complete packet of trusted CAs to download?
Is there any option to import my own list?
Thank you
The list of CAs is updated regularly.
You can export a single CA (not the whole list), but you can see the whole list.
You can also import a single CA (you have to repeat this step multiple times):
I see, my problem is that from time to time we have to import all the governmental certificates and there are more than 100 of them, so it's time-wasting to import them one by one.
Should be a nice feature to import many at the same time.
Thank you Dameon!
Hi, there isn't an out-of-the-box solution for this at the moment. We will consider this request in our next releases.
Thank you for your response Tomer Sole.
One of my customers needs to import a new Trusted Root as several sites are having issues with the fact this is not recognized by Check Point. Dameon Welch-Abernathy you saying that for this we should be using "Import outbound Certificate" as this looks more like the one used for HTTPS Inspection and not Trusted CA I'm looking for. The only other option is to update the whole list with a zip of "unknown" contents with "unknown format" as per sk64521.
According to sk122973 we could easily solve this issue by importing the Root CA of Digicert Inc. however this SK is inaccurate for 80.20. There is no such thing as 'SmartConsole > HTTPS Inspection > Advanced > Trusted CA > Import'. However looking at how SmartConsole looks in R80 (using the traditional console app for HTTPS Inspection) there is no such menu:
Regardless I've put 1-2 stars and feedback on both SKs and am waiting for updates. Check Point actually takes things into consideration and updates them when they get bad feedback.
Hello Cezar,
The sk64521 is to update the list of certificates provided by CheckPoint and it's a ZIP file that CheckPoint TAC can provide you if you open a Ticket.
As per sk122973 the SK says the problem is only for 77.30 and 80.10, for other versions above r80.10 take 112 it seems to not have ever been seen.
If you are experiencing such a problem with those websites mentioned in the SK you should contact TAC.
To import the trusted CA certificate in R80.20 is the same way as in R80.10 (SmartConsole > HTTPS Inspection > Advanced > Trusted CA > Import outbound certificate) as Dameon Welch-Abernathy mentioned.
Regards
Just checked myself, R77.30 and R80.20 show exactly the same option pictured in the post cezar varlan pasted.
The option is there, though perhaps it is not labeled exactly as noted in the SK.
Dameon Welch-Abernathy I believe in R77.30 you would have an "Advanced" tab which is missing in my screenshot from 80.20. However the naming of the button is probably the same.
The SK is still wrong however
The naming of the menu is the same.
Please make sure to leave feedback in the SK so we can improve it.
The wording using "outbound" is what I believe is unfortunate.
Just confirmed with TAC via a SR now. After they have checked, they have confirmed this is the correct import button.
Probably the SK should have either the full button label, or the label should be shortened.
Issue is fixed. For some reason the default Check Point trusted list of Root CAs is not complete. Microsoft looks like it trusts this particular cert chain out of the box. The error for the "untrusted" certificate chain has disappeared and has been replaced with invalid (OCSP cannot connect) but the traffic works this time.
Untrusted is automatically blocked, while invalid is allowed.
Have a question, I need to get blade updates from an SMS working. The SMS is using a third party proxy to reach the internet. The Proxy does deep SSL inspection. I've updated the ca-bundle.crt file on the SMS to include the cert that the Proxy is using. This gets the GAIA level updates working.
Now when attempting to do application level updates, for example an IPS update, this still fails. I did attempt to install the cert in the 'Trusted CAs' section (Import outbound certificate), but still no luck.
Any suggestions? I do have a TAC case open but TAC have not come back to me in about 2 days now.
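An added example, not from the thread and not Check Point code: because the thread says CAs are imported one file at a time, and the last post edits ca-bundle.crt by hand, this Python script splits a PEM bundle into individual certificates, de-duplicates them by SHA-256 fingerprint and lists only those not already present in an existing bundle. The function names and sample data are assumptions made for illustration; the sample payloads are placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def split_bundle(text):
    """Return {sha256_hex_of_DER: normalised_pem} for every cert block in text."""
    certs = {}
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        fp = hashlib.sha256(der).hexdigest()  # same digest openssl prints, minus colons
        b64 = base64.b64encode(der).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        certs[fp] = "\n".join(
            ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])
    return certs

def missing_from(trusted_text, candidate_text):
    """Certs in candidate_text whose fingerprint is not in trusted_text."""
    trusted = split_bundle(trusted_text)
    return {fp: pem for fp, pem in split_bundle(candidate_text).items()
            if fp not in trusted}

def write_individual(certs, out_dir):
    """Write one <fingerprint-prefix>.pem per certificate; return the paths."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for fp, pem in sorted(certs.items()):
        path = out / f"{fp[:16]}.pem"
        path.write_text(pem)
        paths.append(path)
    return paths

# Constructed sample data: the payloads are placeholder bytes, not real X.509.
def _fake_pem(payload):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(payload).decode()
            + "\n-----END CERTIFICATE-----\n")

TRUSTED = _fake_pem(b"constructed-root-A") + _fake_pem(b"constructed-root-B")
INCOMING = (_fake_pem(b"constructed-root-B") + "# comment between blocks\n"
            + _fake_pem(b"constructed-gov-C") + _fake_pem(b"constructed-gov-C"))

if __name__ == "__main__":
    todo = missing_from(TRUSTED, INCOMING)
    print(f"{len(todo)} certificate(s) still to import:", *todo, sep="\n  ")
```

The per-certificate files it writes are named by fingerprint prefix, so a repeated run does not produce duplicates for the same CA.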