https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/219144#M41878 <P>In reference to the block page, where would you change the certificate used for that?</P> <P>Based on the name that I see, it would be my cluster IPsec VPN certificate, which would effect my certificate VPN tunnels.</P> <P>Edit - Oh, I see it under the UserCheck section. Nevermind!</P> Fri, 28 Jun 2024 18:45:27 GMT CaseyB 2024-06-28T18:45:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/219139#M41877 <P>Ola girls and boys,</P> <P>Happy Friday <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Figured would sare this tip, as I see people asking me this constantly. So, once ssl inspection is configured and you can refer to my lab guide below, if you are using self generated certs in the lab, you need to export as per below screenshot and add the certs in trusted root store on the machine you are testing, along with actual https inspection cert you export from the gateway properties, so does not show site is not secure when its blocked. In layman's terms, as they say, whole certficate chain has to be trusted.</P> <P>Best,</P> <P>Andy</P> <P>&nbsp;</P> <P><A href="https://community.checkpoint.com/t5/Security-Gateways/Https-inspection-lab-guide/m-p/214429#M40929" target="_blank" rel="noopener">https://community.checkpoint.com/t5/Security-Gateways/Https-inspection-lab-guide/m-p/214429#M40929</A></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/26519iD2EA92DFC1EEEADB/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MrBeanThumbsUpGIF.gif" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/26520i5EE19B73359E6C7E/image-size/medium?v=v2&amp;px=400" role="button" title="MrBeanThumbsUpGIF.gif" alt="MrBeanThumbsUpGIF.gif" /></span></P> <P> </P> Fri, 28 Jun 2024 18:01:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/219139#M41877 the_rock 2024-06-28T18:01:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/219144#M41878 <P>In reference to the block page, where would you change the certificate used for that?</P> <P>Based on the name that I see, it would be my cluster IPsec VPN certificate, which would effect my certificate VPN tunnels.</P> <P>Edit - Oh, I see it under the UserCheck section. Nevermind!</P> Fri, 28 Jun 2024 18:45:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/219144#M41878 CaseyB 2024-06-28T18:45:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/219147#M41879 <P>Thats right.</P> <P>Andy</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/26521iC643016FF2C0DDF2/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> Fri, 28 Jun 2024 18:46:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/219147#M41879 the_rock 2024-06-28T18:46:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/236144#M45791 <P>Hey guys,</P> <P>I know its been few months since I posted this, but since people asked me to upload short video about it, here it is.</P> <P>Andy</P> <P>&nbsp;</P> <P><div class="lia-vid-container video-embed-center"><div id="lia-vid-6366182776112w960h540r514" class="lia-video-brightcove-player-container"><video-js data-video-id="6366182776112" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-6366182776112w960h540r514'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/6366182776112">(view in My Videos)</a></div></P> Wed, 18 Dec 2024 13:53:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Https-inspection-tip/m-p/236144#M45791 the_rock 2024-12-18T13:53:05Z