
Import a list of certificates!


Is there any option to update all the trusted CAs list?

Where can I find the complete packet of trusted CAs to download?

Is there any option to import my own list?

Thank you


Accepted Solutions

Re: Import a list of certificates!


The list of CAs is updated regularly.

You can export a single CA (not the whole list), but you can see the whole list.

You can also import a single CA (you have to repeat this step multiple times):


Re: Import a list of certificates!


I see. My problem is that from time to time we have to import all the governmental certificates, and there are more than 100 of them, so it's time-wasting to import them one by one.

It would be a nice feature to be able to import many at the same time.

Thank you Dameon!


Re: Import a list of certificates!


Hi, there isn't an out-of-the-box solution for this at the moment. We will consider this request in our next releases.

Re: Import a list of certificates!


Thank you for your response Tomer Sole.


Re: Import a list of certificates!


One of my customers needs to import a new Trusted Root, as several sites are having issues with the fact that this is not recognized by Check Point. Dameon Welch-Abernathy, are you saying that for this we should be using "Import outbound Certificate"? This looks more like the one used for HTTPS Inspection and not the Trusted CA I'm looking for. The only other option is to update the whole list with a zip of "unknown" contents with "unknown format" as per sk64521.

According to sk122973 we could easily solve this issue by importing the Root CA of Digicert Inc.; however, this SK is inaccurate for 80.20. There is no such thing as 'SmartConsole > HTTPS Inspection > Advanced > Trusted CA > Import'. However, looking at how SmartConsole looks in R80 (using the traditional console app for HTTPS Inspection), there is no such menu:

Regardless, I've put 1-2 stars and feedback on both SKs and am waiting for updates. Check Point actually takes things into consideration and updates them when they get bad feedback.


Re: Import a list of certificates!


Hello Cezar,

sk64521 is for updating the list of certificates provided by Check Point, and it's a ZIP file that Check Point TAC can provide you if you open a ticket.

As for sk122973, the SK says the problem is only for 77.30 and 80.10; for other versions above R80.10 take 112 it seems to have never been seen.

If you are experiencing such a problem with the websites mentioned in the SK, you should contact TAC.

Importing the trusted CA certificate in R80.20 works the same way as in R80.10 (SmartConsole > HTTPS Inspection > Advanced > Trusted CA > Import outbound certificate), as Dameon Welch-Abernathy mentioned.

Regards


Re: Import a list of certificates!


Just checked myself: R77.30 and R80.20 show exactly the same option pictured in the post Cezar Varlan pasted.
The option is there, though perhaps it is not labeled exactly as noted in the SK.


Re: Import a list of certificates!


Dameon Welch-Abernathy, I believe in R77.30 you would have an "Advanced" tab, which is missing in my screenshot from 80.20. However, the naming of the button is probably the same.

The SK is still wrong, however :)


Re: Import a list of certificates!


The naming of the menu is the same.

Please make sure to leave feedback in the SK so we can improve it.


Re: Import a list of certificates!


The wording using "outbound" is what I believe is unfortunate.

Just confirmed with TAC via an SR now. After they have checked, they have confirmed this is the correct import button.

Probably the SK should have either the full button label, or the label should be shortened.

Issue is fixed. For some reason the default Check Point trusted list of Root CAs is not complete. Microsoft looks like it trusts this particular cert chain out of the box. The error for the "untrusted" certificate chain has disappeared and has been replaced with invalid (OCSP cannot connect), but the traffic works this time.

Untrusted is automatically blocked, while invalid is allowed.