https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80816#M11471 <P>Are you using the same certificate for both inbound and outbound? The issue you are having, which direction it happens with?</P> Sat, 04 Apr 2020 09:38:52 GMT _Val_ 2020-04-04T09:38:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80759#M11470 <DIV class="lia-quilt-row lia-quilt-row-message-subject"><DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single lia-quilt-column-message-subject-content"><DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"><DIV class="topic-subject-wrapper"><DIV class="lia-message-subject lia-component-message-view-widget-subject"><DIV class="MessageSubject">&nbsp;</DIV></DIV></DIV></DIV></DIV></DIV><DIV class="lia-quilt-row lia-quilt-row-message-body"><DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single lia-quilt-column-message-body-content"><DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"><DIV class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"><DIV class="lia-message-body-content"><P>Good Morning,</P><P>I am having an issue with HTTPS inspection and the user check page.</P><P><BR />I have set up inbound/outbound in our DR envrionent successfully, I am now working on our production environment, however I am running into the following error.</P><P><BR />when I go to any https site the inspection works correctly I get our ca issuing the cert more or less as the man in the middle and the site opens with no errors, when I go to any site which is subject to URLF or APC I get the following error,</P><P>SAN cert is in place, this error is on all browsers<BR />Your connection is not private<BR />Attackers might be trying to steal your information from dcfw-private.xxxx.net (for example, passwords, messages, or credit cards). Learn more<BR />NET::ERR_CERT_COMMON_NAME_INVALID</P><P><BR />when I click on the Advanced the following error</P><P><BR />This server could not prove that it is dcfw-private.xxxx.net; its security certificate is from dcfw.xxxx.net. This may be caused by a misconfiguration or an attacker intercepting your connection.</P><P><BR />Keeping in mind, I configured everything the same including the SAN cert except for the names and IP's. All certs look the same with SAN, CN, Subject they have the same path with all the same Certs inline</P></DIV></DIV></DIV></DIV></DIV> Fri, 03 Apr 2020 15:39:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80759#M11470 Ricardo_Galvan 2020-04-03T15:39:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80816#M11471 <P>Are you using the same certificate for both inbound and outbound? The issue you are having, which direction it happens with?</P> Sat, 04 Apr 2020 09:38:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80816#M11471 _Val_ 2020-04-04T09:38:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80845#M11472 <P>Because you're not getting a certificate generated by HTTPS Inspection in this case, you are getting the UserCheck certificate, which by default is a self-signed certificate.</P> <P>You can replace this certificate with one signed by a CA the end user browser already trusts from here:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Screen Shot 2020-04-04 at 8.29.40 PM.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/5386i2F8CADC8190BC6DC/image-size/medium?v=v2&amp;px=400" role="button" title="Screen Shot 2020-04-04 at 8.29.40 PM.png" alt="Screen Shot 2020-04-04 at 8.29.40 PM.png" /></span></P> <P>Otherwise, you will have to configure the end user browsers to trust this self-signed certificate.</P> Sun, 05 Apr 2020 03:31:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80845#M11472 PhoneBoy 2020-04-05T03:31:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80961#M11473 <P>thank you all for assistance in figuring this one out..&nbsp;</P><P>all certificates are correct and in the correct location on the gateways and machines. this was a self inflicted wound. we have two FQDN's resloving to the same IP when only one is correct for the portal to work correctly.</P><P>&nbsp;</P><P>Ric</P> Mon, 06 Apr 2020 13:08:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-with-HTTPS-Inspection/m-p/80961#M11473 Ricardo_Galvan 2020-04-06T13:08:26Z