Not sure if someone also has or had this problem but this is the 2nd recurrent year we had been in this situation. We use LDAPS (port 636, LDAP Account UnIt) config to connect to our ADs for Remote Access Usage and IA. Microsoft DCs generate a 1year expiration certificate which Check Point firewall validates using the fingerprint fetch process (Servers > Edit > Encryption > Fetch).
The thing is every year this certificate auto-renews and turns out the old fingerprint becomes invalid and that's where our lives stress out: no one is then able to access Internet through IA rules or connect to the environment through Remote access VPN until we manually fetch the new fingerprint in every LDAP server configured then push policy.
I haven't seen any statement from Check Point showing a permanent fix for this (Hotfix or Patch) or any other option that allow us to use LDAPS and auto-fetch the fingerprint or something that not let this happen again.
Firewall version is R80.20