- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
My trusted CA lists is outdated.
I have Trusted CAs configured to "Download and install updates automatically"
Diagnose steps I took:
cat $CPDIR/database/downloads/TRUSTED_CA/2.0/Update_Status.dat
[Expert@fc-fw-mgmt:0]# cat Update_Status.dat
(
:Last_Update_Status (3)
:Last_Update_Time (1762070951)
:Last_Update_Reason ()
:Success_Time (1756302852)
)
[Expert@fc-fw-mgmt:0]# date -d 1756302852d @
Wed Aug 27 16:54:12 IDT 2025
[Expert@fc-fw-mgmt:0]# date -d @176207095
Sun Nov 2 10:09:11 IST 2025
[Expert@fc-fw-mgmt:0]# ll
total 16
drwx------ 2 admin root 56 Aug 12 16:53 3.8
drwx------ 2 admin root 56 Aug 27 16:54 3.9
-rw-rw-r-- 1 admin config 113 Nov 2 10:09 Update_Status.dat
-rw-rw---- 1 admin root 66 Aug 27 16:54 last_revision.xml
-rw-rw---- 1 admin config 66 Aug 27 16:54 last_revision_old.xml
-rw-rw---- 1 admin root 10 Aug 27 16:54 tmp_revisions_order.txt
Looks like it had a successful update 2 months ago
I have looked into few articles and threads such as:
https://support.checkpoint.com/results/sk/sk64521
https://support.checkpoint.com/results/sk/sk173629
https://support.checkpoint.com/results/sk/sk132812
https://support.checkpoint.com/results/sk/sk64521
https://community.checkpoint.com/t5/Management/Updating-trusted-CA-list-on-mgmt-server/m-p/150614
https://community.checkpoint.com/t5/General-Topics/HTTPS-inspection-root-CA-updates/td-p/5006
None of those has information regarding updates logs or troubleshoot.
Ver: R81.20
R81_20_JUMBO_HF_MAIN Take: 113
How do I know the list is not updated?
For example: msn.com chain is DigiCert Global Root G2 > Microsoft Azure RSA TLS Issuing CA 03 > *.msn.com
DigiCert Global Root G2 is missing from the list.
I also get HTTPS inspection errors like:
Certificate Chain is not signed by a Trusted CA. Refer to sk179944 for more details.
Certificate DN: 'CN=*.msn.com,O=Microsoft Corporation,L=Redmond,ST=WA,C=US' Requested Server Name: msn.com
| User | Count |
|---|---|
| 32 | |
| 28 | |
| 20 | |
| 12 | |
| 11 | |
| 11 | |
| 10 | |
| 8 | |
| 8 | |
| 7 |
Thu 19 Mar 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #2: AI Security Challenges and SolutionsTue 24 Mar 2026 @ 04:00 PM (CET)
Maestro Masters EMEA: Hyperscale Firewall Architectures and OptimizationTue 24 Mar 2026 @ 03:00 PM (EDT)
Maestro Masters Americas: Hyperscale Firewall Architectures and OptimizationTue 24 Mar 2026 @ 06:00 PM (COT)
San Pedro Sula: Spark Firewall y AI-Powered Security ManagementThu 19 Mar 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #2: AI Security Challenges and SolutionsTue 24 Mar 2026 @ 04:00 PM (CET)
Maestro Masters EMEA: Hyperscale Firewall Architectures and OptimizationTue 24 Mar 2026 @ 03:00 PM (EDT)
Maestro Masters Americas: Hyperscale Firewall Architectures and OptimizationTue 24 Mar 2026 @ 06:00 PM (COT)
San Pedro Sula: Spark Firewall y AI-Powered Security ManagementThu 26 Mar 2026 @ 06:00 PM (COT)
Tegucigalpa: Spark Firewall y AI-Powered Security Management