HTTPS Inspection query

biskit — Fri, 28 Jun 2019 13:05:19 GMT

I haven't done much with HTTPS Inspection yet, but I have a customer who has tried it and it isn't working. I don't know enough to help them.

R80.20 Take 47.

They have created their own Root cert from the firewall HTTPS Inspection page - step 1 - which is in the Trusted Root Certificate Authority store on the local machine. (kind of highlighted yellow below)

HTTPS Inspection > Create > (their own root cert file from above).

View certificate shows: (ignore the "not trusted" warning - I'm taking the screenshot from my machine which doesn't have the cert installed - the customer doesn't get that warning)

Then, browse to a blocked site to trigger the UserCheck page, and first they still get a dodgy certificate page:

Click Continue and the block page shows - with the wrong certificate....

The certificate being used by the block page is the firewall's internal cert - not the imported trusted one they are trying to use. (again, ignore the trust warning in this screenshot - I'm taking screenshots from a untrusted machine)

Any ideas what we're missing and why the newly created trusted cert isn't being used by the block pages?

Re: HTTPS Inspection query

Vladimir — Fri, 28 Jun 2019 15:54:39 GMT

The HTTPS Inspection and the Portal Certificate are two different certs.

The portal cert is the normal server certificate, while HTTPS inspection is the self-generated Subordinate CA certificate.

If you want to avoid seeing portal cert violations, this certificate should be installed on the clients as well.

See this thread: https://community.checkpoint.com/t5/General-Management-Topics/UserCheck-portal-using-Certificate-not-created-for-HTTPS/m-p/31777

topic Re: HTTPS Inspection query in General Topics

HTTPS Inspection query

Re: HTTPS Inspection query