Major Check Point Certificate Change

Friday 15th July 2016

Major Check Point Certificate Change Coming – Hotfix Must be Applied By End October

Check Point is changing all its SHA-1 Certificates to SHA-256 Certificates in November 2015. All Check Point customers will have to apply a hotfix (already available) by the end of October this year in order for Check Point updates to work.

What's Changing and Why is It Important? To enhance the security of their online update services, Check Point is migrating its SHA-1 based certificates to SHA-256 based certificates in November 2015. This will affect connection to Check Point online services.

Check Point online update services are used by Check Point software for downloading updates, up-to-date protections and to verify license information.

All of the following software blades, products and features use online update services:

  • Software Blades: IPS, Application Control, URL Filtering, Threat Emulation, Anti-Virus, Anti-Bot, Anti-Spam,HTTPS Inspection, ESOD
  • CPUSE and SmartUpdate
  • License operations and Contract updates

To ensure the continued connectivity of Check Point software to Check Point online updates, a hotfix is required. This is already available from Check Point for all major software versions.

We recommend installing this as soon as convenient and at the latest by the end of October to maintain update functionality.

What Do I Need to Do About this? Customers already on Check Point Versions R77.30 and Endpoint Security E80.61/R77.20.01 have this fix included.

For lower versions, contact Bytes Security Partnerships Support as soon as convenient to get a Hotfix for this issue. A Support Engineer will ensure the Hotfix is compatible with your systems before providing it. The hotfix MUST be installed on ALL Check Point products: Security Gateways, Clusters, VSX, Security Management Servers, Multi-Domain Management Servers, Log Servers, etc.

For customers using online services in SmartDashboard (such as IPS blade updates) or SmartUpdate, an improved SmartConsole package is required as well. This improved package is vital to be able to work with Check Point servers and perform signatures updates (IPS blade, Anti-Virus blade, other blades), Licensing, Contracts, etc.

What happens if I do not install the hotfix on ALL machines? Any Check Point machines, on which this hotfix is not installed, will not be able to connect to Check Point servers and perform operations like signatures updates (IPS blade, Anti-Virus blade, other blades), Licensing, Contracts, etc.

Need More Information?

You can access full information including information on available hotfixes, installation instructions and commonly asked questions from the Check Point support team below.

>> Full details on available hotfixes, with installation Instructions >> Customer FAQ on this Notification

If you have any questions in the meantime regarding this change please contact [email protected] .


Want to keep informed? Sign up to our Newsletter

Connect