- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
My trusted CA lists is outdated.
I have Trusted CAs configured to "Download and install updates automatically"
Diagnose steps I took:
cat $CPDIR/database/downloads/TRUSTED_CA/2.0/Update_Status.dat
[Expert@fc-fw-mgmt:0]# cat Update_Status.dat
(
:Last_Update_Status (3)
:Last_Update_Time (1762070951)
:Last_Update_Reason ()
:Success_Time (1756302852)
)
[Expert@fc-fw-mgmt:0]# date -d 1756302852d @
Wed Aug 27 16:54:12 IDT 2025
[Expert@fc-fw-mgmt:0]# date -d @176207095
Sun Nov 2 10:09:11 IST 2025
[Expert@fc-fw-mgmt:0]# ll
total 16
drwx------ 2 admin root 56 Aug 12 16:53 3.8
drwx------ 2 admin root 56 Aug 27 16:54 3.9
-rw-rw-r-- 1 admin config 113 Nov 2 10:09 Update_Status.dat
-rw-rw---- 1 admin root 66 Aug 27 16:54 last_revision.xml
-rw-rw---- 1 admin config 66 Aug 27 16:54 last_revision_old.xml
-rw-rw---- 1 admin root 10 Aug 27 16:54 tmp_revisions_order.txt
Looks like it had a successful update 2 months ago
I have looked into few articles and threads such as:
https://support.checkpoint.com/results/sk/sk64521
https://support.checkpoint.com/results/sk/sk173629
https://support.checkpoint.com/results/sk/sk132812
https://support.checkpoint.com/results/sk/sk64521
https://community.checkpoint.com/t5/Management/Updating-trusted-CA-list-on-mgmt-server/m-p/150614
https://community.checkpoint.com/t5/General-Topics/HTTPS-inspection-root-CA-updates/td-p/5006
None of those has information regarding updates logs or troubleshoot.
Ver: R81.20
R81_20_JUMBO_HF_MAIN Take: 113
How do I know the list is not updated?
For example: msn.com chain is DigiCert Global Root G2 > Microsoft Azure RSA TLS Issuing CA 03 > *.msn.com
DigiCert Global Root G2 is missing from the list.
I also get HTTPS inspection errors like:
Certificate Chain is not signed by a Trusted CA. Refer to sk179944 for more details.
Certificate DN: 'CN=*.msn.com,O=Microsoft Corporation,L=Redmond,ST=WA,C=US' Requested Server Name: msn.com
| User | Count |
|---|---|
| 25 | |
| 12 | |
| 9 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 |
Wed 26 Nov 2025 @ 12:00 PM (COT)
Panama City: Risk Management a la Parrilla: ERM, TEM & Meat LunchWed 03 Dec 2025 @ 10:00 AM (COT)
Última Sesión del Año – CheckMates LATAM: ERM & TEM con ExpertosThu 04 Dec 2025 @ 12:30 PM (SGT)
End-of-Year Event: Securing AI Transformation in a Hyperconnected World - APACThu 04 Dec 2025 @ 03:00 PM (CET)
End-of-Year Event: Securing AI Transformation in a Hyperconnected World - EMEAThu 04 Dec 2025 @ 02:00 PM (EST)
End-of-Year Event: Securing AI Transformation in a Hyperconnected World - AmericasWed 03 Dec 2025 @ 10:00 AM (COT)
Última Sesión del Año – CheckMates LATAM: ERM & TEM con ExpertosThu 04 Dec 2025 @ 12:30 PM (SGT)
End-of-Year Event: Securing AI Transformation in a Hyperconnected World - APACThu 04 Dec 2025 @ 03:00 PM (CET)
End-of-Year Event: Securing AI Transformation in a Hyperconnected World - EMEAThu 04 Dec 2025 @ 02:00 PM (EST)
End-of-Year Event: Securing AI Transformation in a Hyperconnected World - AmericasWed 26 Nov 2025 @ 12:00 PM (COT)
Panama City: Risk Management a la Parrilla: ERM, TEM & Meat Lunch