Improved handling of trusted CAs certificates when HTTPS inspection is enabled
R77.30 (EOL), R80.10
Gaia, SecurePlatform 2.6
Platform / Model
Websites that use the "Staat der Nederlanden Root CA - G2" certificate fail to open when HTTPS Inspection is enabled.
Downloading the "Staat der Nederlanden Root CA - G2" certificate and importing it manually into the Trusted CA List ('SmartConsole > HTTPS Inspection > Advanced > Trusted CA > Import') resolves the issue.
Note: Use the "Update certificate list" option.
Debug of WSTLSD daemon (as per sk105559) shows:
cptls_Validation::CallBackOnFailed: result: -1001, error_level: 0
cptls_Validation: Chain is NOT trusted !!
Examples of sites that use "Staat der Nederlanden Root CA - G2" certificate:
The Trusted CA list is held on the Security Gateway, and due to a change in the list, it fails to correctly read the "Staat der Nederlanden Root CA - G2" certificate. As a result, it displays the certificate as "Not Trusted".