This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
‎2019-12-16 12:55 PM

HTTPS Inspection and macOS 10.15 (Catalina)

Apple has changed the requirements regarding HTTPS server certificates in its products – Mainly Catalina 10.15 and iOS 13.
SHA1 signed certificates are no longer considered secure and servers using them will be blocked.
The default CA certificate we generate for HTTPS Inspection is SHA1 signed.
This means end users with a default HTTPS Inspection CA certificate using macOS 10.15 endpoints will encounter an untrusted certificate error message.
More details (and a solution) can be found in sk163932. 

In R80.40, the default HTTPS Inspection CA certificate will be SHA256 signed.
This change will also be integrated into upcoming Jumbo Hotfixes for other R80.x releases.

3 Replies
Andrew_Kim
Explorer
‎2020-02-17 11:07 PM

Do you know if the fix is going to be provided to the SMB line of appliances, namely the 700 and 1400 series?

 

Thanks!

0 Kudos
PhoneBoy
Admin
Admin
‎2020-02-18 10:22 AM
In response to Andrew_Kim

Not aware of any specific plans.
That said, you can ask via TAC if the relevant fix can be ported to the SMB appliances.
Note you can always generate a new CA key using a procedure similar to this sk (though not directly on the SMB appliance): https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Andrew_Kim
Explorer
‎2020-02-18 10:25 AM
In response to PhoneBoy

Thanks for the response.  I'll need to reach out to TAC to see what, if anything, can be done.  I also did try the fix in the SK using an R80.30 firewall but that didn't appear to change the behavior at all on the SMB device.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events