AnsweredAssumed Answered

HTTPS inspection root CA updates

Question asked by John Fenoughty on Aug 7, 2017
Latest reply on Dec 18, 2018 by Konstantin Tsoy

I have observed that some firewall managers in the field are being notified of updates to the HTTPS root Trusted Root CAs list that the firewalls use for HTTPS inspection and others are not. In all cases they have 'notify when a trusted CA and blacklist update file is available for installation' ticked.


Keeping this list up to date is vital, as recent issues with Microsoft Updates failing to be properly excluded from HTTPS inspection due to missing root CAs has clearly demonstrated to me.


There's a Check Point article sk64521 which says this process is automated but gives a method for a manual update, but is uses the rather glib throw away line of:  At the top, click on Actions button - select Update certificate list... - browse for the ZIP file with certificates - click on Open


Does anyone know where to obtain this .zip file from?


I was wondering if I could try to get it from a siote where the download had been successful, but I don;t know where it would be downloaded to or what it might be called.


Thee's no clues that I can find in the aforementioned article.


Anyone had any success with updating this list manually?