topic Re: Untrusted certificate, HTTPS inspection bypass in Firewall and Security Management

Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Fri, 30 Jun 2023 16:32:15 GMT

Good evening.

At the moment, we need to provide a bypass to the resource https://website.com/ which, when connected to it, accesses the resource https://add.website.com/.

The https://add.websitedmz.com/ resource has a self-signed certificate.

Nevertheless, despite the bypass rules, this https://add.websitedmz.com/ resource is still detect, which interferes with the work of the entire https://websitedmz.com/ resource.

self-signed cert add.websitedmz.com was added to trusted ca but still detectable.

Please suggest how to bypass this resource.

Re: Untrusted certificate, HTTPS inspection bypass

the_rock — Fri, 30 Jun 2023 17:27:57 GMT

Can you show bypass rule for it? Please blur out any sensitive info.

Andy

Re: Untrusted certificate, HTTPS inspection bypass

PhoneBoy — Fri, 30 Jun 2023 21:32:39 GMT

As part of HTTPS Inspection, we also validate the certificate of the site you are accessing.
Have you added the self-signed certificate to the trusted CA list in SmartDashboard?

Re: Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Mon, 03 Jul 2023 07:51:45 GMT

good morning

This is from test open server, on the production CP we hame the same issue, difference between them only in number of applications

Re: Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Mon, 03 Jul 2023 07:57:52 GMT

good morning

Have you added the self-signed certificate to the trusted CA list in SmartDashboard?

Yes, i did.

Re: Untrusted certificate, HTTPS inspection bypass

PhoneBoy — Mon, 03 Jul 2023 20:00:21 GMT

I'm referring to the certificate for add.websitedmz.com itself.

Re: Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Tue, 04 Jul 2023 07:42:41 GMT

added with all CA, still don t work

Same Untrusted Ceertificate Issue:

Certificate DN: "O=websitedmz.com", Requested Server Name: add.websitedmz.com See sk159872

Re: Untrusted certificate, HTTPS inspection bypass

_Val_ — Tue, 04 Jul 2023 07:47:58 GMT

Please look into this thread: https://community.checkpoint.com/t5/Security-Gateways/HTTPS-Certificate-validation-SK159872/td-p/131158

Re: Untrusted certificate, HTTPS inspection bypass

_Val_ — Tue, 04 Jul 2023 07:50:33 GMT

No, this is not CA cert, this is the web server certificate. It clearly shows "Issued by Untrusted". You need the root cert, which is probably not applicable to self-signed. I suggest you add any third party certificate to that server, preferably issued by your own corporate CA or AD, and then add that signing CA as trusted root.

Re: Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Tue, 04 Jul 2023 08:25:44 GMT

Thanks. Can I still make checkpoint ignore an issued by untrusted certificate and bypass it, beside making third party certificate? I m affraid it is not first case...

Re: Untrusted certificate, HTTPS inspection bypass

_Val_ — Tue, 04 Jul 2023 08:30:56 GMT

The log says "Detect", which means traffic is not affected. Why would you need an exception? To avoid logging?

Re: Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Tue, 04 Jul 2023 08:49:24 GMT

I can t access the second domain level site https://websitedmz.com/. because some issues with https inspection on third domain level site https://add.websitedmz.com/. When i turn off the Https inspection, it works fine. Can t say why.

@_Val_ wrote:
The log says "Detect", which means traffic is not affected.

Next step is Inspect.

Re: Untrusted certificate, HTTPS inspection bypass

_Val_ — Tue, 04 Jul 2023 10:30:26 GMT

Add a bypass for that level too. Also, in HTTPS Inspection / Server Validation , make sure you did not check box to drop traffic from with untrusted certs.

Re: Untrusted certificate, HTTPS inspection bypass

the_rock — Tue, 04 Jul 2023 12:05:39 GMT

I would definitely double check option @_Val_ mentioned for untrusted cert (its in legacy https inspection dashboard settings)

Andy

Re: Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Tue, 04 Jul 2023 12:44:38 GMT

It is turned off.

Re: Untrusted certificate, HTTPS inspection bypass

DmitriyDubovik — Thu, 06 Jul 2023 13:44:20 GMT

i bet this is some sort of bug, because dashboard settings is off

Re: Untrusted certificate, HTTPS inspection bypass

ww1m6 — Thu, 30 May 2024 08:06:59 GMT

Hello, I am unable to find this section, can you tell me how to get to it?

Re: Untrusted certificate, HTTPS inspection bypass

ww1m6 — Thu, 30 May 2024 08:07:29 GMT

Hello, I can't find this settings section, can you tell me how to get to it?

Re: Untrusted certificate, HTTPS inspection bypass

the_rock — Thu, 30 May 2024 10:31:37 GMT

Its in legacy dashboard.

Re: Untrusted certificate, HTTPS inspection bypass

PhoneBoy — Thu, 30 May 2024 22:09:24 GMT

You have to get to the legacy SmartDashboard, which you do by going here:

From there, click on HTTPS Validation