This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2022-06-10 04:22 PM

Updating trusted CA list on mgmt server

Hey guys,

 

I hope someone can clarify this for me. I know there were posts about it before and process for updating the trusted CA list, but TAC engineer told me this is not even needed in R81.10. Whole reason is that customer enabled https inspection, but they get "untrusted certificate" when going to bunch of azure and microsoft websites, so we had to whitelist lots of them, but makes no sense why their trusted CA list on mgmt server is missing way more certs than my lab mgmt. Their version is R81.10 jumbo 30 and I am on latest R81.10 jumbo 61, but I dont really think that matters. Just to be sure I gave them zip file for latest update and they uploaded it, even did reboot of mgmt server, but same problem.

 

Any idea as to why this could be happening?

Thanks as always!

0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-06-10 08:07 PM

If the auto updates are configured per sk173629 and internet connectivity isn't an issue please contact TAC to diagnose this further.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2022-06-10 08:16 PM
In response to Chris_Atkinson

Yup, all that was checked already and configured. TAC said they will investigate on their end, but no useful advice yet. I told them I will spin up windows 10 VM in the lab, slap it behind the fw and see what happens when inspection is on. I dont know what you think about this, but do you believe it may to do with the fact customer replaced default cert for user check with their own? I dont think it does, but cant say for certain. Thanks again for your help @Chris_Atkinson 

0 Kudos
the_rock
Legend
Legend
‎2022-06-11 07:10 AM
In response to Chris_Atkinson

Did a test in the lab and worked fine for me, no issues with azure/microsoft sites...BUT, I never replaced the default user check cert, so not sure if that could be a problem, since customer did do that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events