This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2022-06-10 04:22 PM

Updating trusted CA list on mgmt server

Hey guys,

 

I hope someone can clarify this for me. I know there were posts about it before and process for updating the trusted CA list, but TAC engineer told me this is not even needed in R81.10. Whole reason is that customer enabled https inspection, but they get "untrusted certificate" when going to bunch of azure and microsoft websites, so we had to whitelist lots of them, but makes no sense why their trusted CA list on mgmt server is missing way more certs than my lab mgmt. Their version is R81.10 jumbo 30 and I am on latest R81.10 jumbo 61, but I dont really think that matters. Just to be sure I gave them zip file for latest update and they uploaded it, even did reboot of mgmt server, but same problem.

 

Any idea as to why this could be happening?

Thanks as always!

0 Kudos
3 Replies
Chris_Atkinson
Employee
Employee
‎2022-06-10 08:07 PM

If the auto updates are configured per sk173629 and internet connectivity isn't an issue please contact TAC to diagnose this further.

0 Kudos
the_rock
Legend
Legend
‎2022-06-10 08:16 PM
In response to Chris_Atkinson

Yup, all that was checked already and configured. TAC said they will investigate on their end, but no useful advice yet. I told them I will spin up windows 10 VM in the lab, slap it behind the fw and see what happens when inspection is on. I dont know what you think about this, but do you believe it may to do with the fact customer replaced default cert for user check with their own? I dont think it does, but cant say for certain. Thanks again for your help @Chris_Atkinson 

0 Kudos
the_rock
Legend
Legend
‎2022-06-11 07:10 AM
In response to Chris_Atkinson

Did a test in the lab and worked fine for me, no issues with azure/microsoft sites...BUT, I never replaced the default user check cert, so not sure if that could be a problem, since customer did do that.

0 Kudos