Note: This script is a third-party utility, not an official Check Point tool. It is provided as-is for convenience and reporting purposes. Always verify results against official Check Point documentation and support resources before taking action.
Based on the manual checks from SK 183884, I wrote a bash script that checks for DigiCert via the API.
I've uploaded it to my GitHub: https://github.com/WadesWeaponShed/CheckPoint-CA-Check-sk183884/tree/main
Two versions:
1. SMS version.
2. MDS version that cycles through all Domains in a Multi-Domain Management.
The script basically runs 3 checks:
- Looks for all Trusted CA objects in the Security Management Server.
- If only the default internal_ca is present, the script exits and lets you know you are not using 3rd-party certificates.
- If other CAs exist:
  - Each CA is inspected for its Distinguished Name (DN) using the generic object API, looking for DigiCert-signed certificates.
  - If no DN contains DigiCert, the script informs you that other CAs exist but none are DigiCert-related, and the check ends successfully without running gateway checks.
  - If a DN contains the word DigiCert, a warning is displayed and the script proceeds to gateway checks.
- The Gateway Check rolls through all gateway objects and checks whether HTTPS Inspection, S2S-VPN, and Mobile-Access are enabled. It prints each gateway as a line "GATEWAY_NAME: HTTPS=true/false, S2S-VPN=true/false, Mobile-Access=true/false".
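As an added illustration (this is not the script from the repo above, which is bash and talks to the Management API), here is the decision logic of the three checks written in Python over constructed sample objects. The JSON shapes and field names (`dn`, `https-inspection`, `site-to-site-vpn`, `mobile-access`) are assumptions for the example, not the real API schema; the only identifier taken from the post is `internal_ca`. The DN match is done case-insensitively, which is slightly broader than a literal "DigiCert" substring match.

```python
import json

# Constructed sample data in the shape the three checks need.
# Field names are an assumption for this example, not the Check Point API schema.
SAMPLE_CAS = json.loads("""
[
  {"name": "internal_ca", "dn": "CN=internal_ca,O=mgmt.example.lab"},
  {"name": "DigiCert_Global_Root_G2",
   "dn": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US"},
  {"name": "Corp_Root_CA", "dn": "CN=Corp Root CA,O=Example Corp,C=US"}
]
""")

SAMPLE_GATEWAYS = json.loads("""
[
  {"name": "gw-edge-01", "https-inspection": true,
   "site-to-site-vpn": true, "mobile-access": false},
  {"name": "gw-dc-02", "https-inspection": false,
   "site-to-site-vpn": false, "mobile-access": true}
]
""")

# The three outcomes of the CA check, as described in the post.
NO_THIRD_PARTY = "no-third-party-cas"          # only internal_ca present -> exit early
NO_DIGICERT = "third-party-cas-no-digicert"    # other CAs, none DigiCert -> success, no gateway check
DIGICERT_FOUND = "digicert-found"              # DigiCert DN seen -> warn, run gateway check


def classify_cas(cas):
    """Return (status, names of CAs whose DN mentions DigiCert)."""
    others = [ca for ca in cas if ca["name"] != "internal_ca"]
    if not others:
        return NO_THIRD_PARTY, []
    digicert = [ca["name"] for ca in others
                if "digicert" in ca.get("dn", "").lower()]
    if not digicert:
        return NO_DIGICERT, []
    return DIGICERT_FOUND, digicert


def _flag(value):
    # Render a boolean the way the script prints it.
    return "true" if value else "false"


def gateway_lines(gateways):
    """One 'NAME: HTTPS=..., S2S-VPN=..., Mobile-Access=...' line per gateway."""
    return [
        f"{gw['name']}: HTTPS={_flag(gw.get('https-inspection'))}, "
        f"S2S-VPN={_flag(gw.get('site-to-site-vpn'))}, "
        f"Mobile-Access={_flag(gw.get('mobile-access'))}"
        for gw in gateways
    ]


def run_checks(cas, gateways):
    """Full flow: classify CAs, and only report gateways when DigiCert was found."""
    status, digicert = classify_cas(cas)
    lines = gateway_lines(gateways) if status == DIGICERT_FOUND else []
    return status, digicert, lines


if __name__ == "__main__":
    status, digicert, lines = run_checks(SAMPLE_CAS, SAMPLE_GATEWAYS)
    print(f"CA check: {status}")
    if digicert:
        print("WARNING: DigiCert-related CA objects found:", ", ".join(digicert))
        print("Gateway check:")
        for line in lines:
            print("  " + line)
```

Running it against the constructed data prints the warning for `DigiCert_Global_Root_G2` and then the two gateway lines; with the DigiCert entry removed it reports `third-party-cas-no-digicert` and skips the gateway section, which is the same short-circuit the bash script applies.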
