https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/75557#M11853 <P>Do you know if the fix is going to be provided to the SMB line of appliances, namely the 700 and 1400 series?</P><P>&nbsp;</P><P>Thanks!</P> Tue, 18 Feb 2020 07:07:54 GMT Andrew_Kim 2020-02-18T07:07:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/70608#M11852 <P>Apple has changed the requirements regarding HTTPS server certificates in its products – Mainly <A href="https://support.apple.com/en-us/HT210176" target="_blank">Catalina 10.15 and iOS 13</A>.<BR />SHA1 signed certificates are no longer considered secure and servers using them will be blocked.<BR />The default CA certificate we generate for HTTPS Inspection is SHA1 signed.<BR />This means end users with a default HTTPS Inspection CA certificate using macOS 10.15 endpoints will encounter an untrusted certificate error message.<BR />More details (and a solution) can be found in <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk163932&amp;partition=General&amp;product=HTTPS" target="_blank">sk163932</A>.<STRONG>&nbsp;</STRONG></P> <P>In R80.40, the default HTTPS Inspection CA certificate will be SHA256 signed.<BR />This change will also be integrated into upcoming Jumbo Hotfixes for other R80.x releases.</P> Mon, 16 Dec 2019 20:55:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/70608#M11852 PhoneBoy 2019-12-16T20:55:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/75557#M11853 <P>Do you know if the fix is going to be provided to the SMB line of appliances, namely the 700 and 1400 series?</P><P>&nbsp;</P><P>Thanks!</P> Tue, 18 Feb 2020 07:07:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/75557#M11853 Andrew_Kim 2020-02-18T07:07:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/75605#M11854 Not aware of any specific plans.<BR />That said, you can ask via TAC if the relevant fix can be ported to the SMB appliances.<BR />Note you can always generate a new CA key using a procedure similar to this sk (though not directly on the SMB appliance): <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk115894" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk115894</A><BR /> Tue, 18 Feb 2020 18:22:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/75605#M11854 PhoneBoy 2020-02-18T18:22:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/75606#M11855 <P>Thanks for the response. &nbsp;I'll need to reach out to TAC to see what, if anything, can be done. &nbsp;I also did try the fix in the SK using an R80.30 firewall but that didn't appear to change the behavior at all on the SMB device.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 18 Feb 2020 18:25:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-and-macOS-10-15-Catalina/m-p/75606#M11855 Andrew_Kim 2020-02-18T18:25:36Z