Public Cloud CA Bundle for CloudGuard Latest Updates
Solution


Overview

Public Cloud CA Bundle contains certificates of root certificate authorities that are used to sign the public keys of the API servers of public cloud providers.

The certificates allow API clients in Check Point solutions to validate the authenticity of API servers of cloud platforms such as AWS (Amazon Web Services), Azure, GCP (Google Cloud Platform), and more.

You can install Public Cloud CA Bundle on a Security Management Server, Multi-Domain Management Server, Security Gateway, or Standalone machine, whether deployed in a cloud platform or on-premises.

Important: It is essential to keep Public Cloud CA Bundle up to date with Automatic Updates.
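
Why an out-of-date bundle matters, as an added example that is not Check Point code: the script builds two constructed root CAs with openssl, issues a server certificate from the newer one, and verifies it against a bundle that lacks that root and against one that contains it. The names old-root, new-root and storage.example.test are assumptions made for the illustration, and nothing here reads the real bundle.

```shell
#!/usr/bin/env bash
# Added illustration: constructed CAs and certificates only.
set -u

# Create a throwaway self-signed root CA named $1 in directory $2.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# Issue a server certificate for CN $3, signed by root $1, in directory $2.
issue_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2/server.key" -out "$2/server.csr" 2>/dev/null
    openssl x509 -req -in "$2/server.csr" -CA "$2/$1.pem" -CAkey "$2/$1.key" \
        -CAcreateserial -days 30 -out "$2/server.pem" 2>/dev/null
}

# Print "trusted" if server certificate $2 chains to a root in bundle $1,
# otherwise "untrusted" (this is the decision an API client makes).
check_against_bundle() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_root old-root "$d" && make_root new-root "$d" || return 1
    # The API server has moved to a certificate issued under the new root.
    issue_server new-root "$d" storage.example.test || return 1
    cp "$d/old-root.pem" "$d/bundle_old.pem"                         # stale bundle
    cat "$d/old-root.pem" "$d/new-root.pem" > "$d/bundle_new.pem"    # updated bundle
    echo "old bundle: $(check_against_bundle "$d/bundle_old.pem" "$d/server.pem")"
    echo "new bundle: $(check_against_bundle "$d/bundle_new.pem" "$d/server.pem")"
    rm -rf "$d"
}

demo   # prints "old bundle: untrusted" then "new bundle: trusted"
```

A client holding the stale bundle rejects the server even though the server certificate is valid, which is the failure that a bundle update adding a new root prevents.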

Prerequisites

Public Cloud CA Bundle requires the following minimum Jumbo Hotfix Accumulator version to be installed:

Version                              Required
R81.10 and above                     It is not required to install Jumbo Hotfix Accumulator
R81                                  R81 Jumbo Hotfix Accumulator Take 45
R80.40                               R80.40 Jumbo Hotfix Accumulator Take 132
R80.30                               R80.30 Jumbo Hotfix Accumulator Take 241
R80.30 Security Gateway Gaia 3.10    R80.30 Jumbo Hotfix Accumulator Take 241
R80.20                               R80.20 Jumbo Hotfix Accumulator Take 204
R80.20 Security Gateway Gaia 3.10    R80.20 Jumbo Hotfix Accumulator with Gaia 3.10 Take 44


Availability

Take #                          Release Date    Offload Package Link
General Availability Take 18    20 Mar 2022     (TAR)


Installation

Public Cloud CA Bundle is installed automatically with the release of any new version (as long as there is Internet connectivity).

Offline Package Installation Procedure

Procedure:

  1. Log in to the Check Point machine via SSH.

  2. Transfer the offline package to the machine.

  3. From Expert mode, run:

    autoupdatercli install <FULL PATH TO PUBLIC CLOUD CA BUNDLE PACKAGE>.tar

    Example: autoupdatercli install /home/admin/_Check_Point_ PUBLIC CLOUD CA BUNDLE _AUTOUPDATE_Bundle_T14_AutoUpdate.tar

  4. Verify that the installation completed successfully by checking the /opt/CPInstLog/AutoUpdateLogs/public_cloud_ca_bundle log.


Installation Troubleshooting

These issues can arise when running the installation package:

  • Issue 1: "Failed to download latest Public Cloud CA Bundle."

    Solution: If you have no internet access, follow the instructions for "Offline Package Installation Procedure" in the Installation Instructions section above.



  • Issue 2: "A version of Public Cloud CA bundle is already installed via AutoUpdater"

    Solution: Public Cloud CA Bundle has already been installed for the first time and is configured to receive updates automatically. If you have no internet access, follow the instructions for "Offline Package Installation Procedure" in the Installation Instructions section above.



  • Issue 3: You want to return to the previous version of Public Cloud CA bundle

    Solution: It is highly recommended that you use the latest take of Public Cloud CA bundle.

    If you still want to revert to the previous take, run the following command in Expert mode:

    autoupdatercli revert public_cloud_ca_bundle

    The revert takes up to 1 minute.

    To make sure Public Cloud CA Bundle was reverted to the previous take, run this command in the Expert mode:

    cpinfo -y CPUpdates 2>&1 | grep PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE

    The take number in the output must be the one to which you reverted.

    Notes:

    • Public Cloud CA Bundle is upgraded automatically each time a new take is released.

    • You can revert only to the previous version. A revert to older versions reverts Public Cloud CA Bundle completely and removes it from the machine.



  • Issue 4: You want to completely remove Public Cloud CA bundle

    Solution: Run the following command in Expert mode:

    autoupdatercli revert-completely public_cloud_ca_bundle

    The revert takes up to 1 minute.

    To make sure Public Cloud CA Bundle was reverted completely, run this command in the Expert mode:

    cpinfo -y CPUpdates 2>&1 | grep PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE

    If you also wish to stop receiving future updates of Public Cloud CA Bundle after the removal, run the following command in Expert mode:

    autoupdatercli disable public_cloud_ca_bundle

    The output must show "0".


If your issue is not resolved by one of the above solutions, contact Check Point Support and attach the log files from /opt/CPInstLog/AutoUpdateLogs/PUBLIC_CLOUD_CA_BUNDLE 


List of Resolved Issues and New Features per Update

ID             Description
Take 18 (20 March 2022)
VSECPC-5597    Added a new Azure certificate for the Storage service.
Take 14 (09 February 2022)
-              First release of Public Cloud CA Bundle Update


Revision History


Date Description
20 Mar 2022 Released Take 18
09 Feb 2022 First release of this document - Take 14
