Austin35
Explorer

App & URL Filtering - OCSP Responder Failure

Hello everyone,

We recently enabled HTTPS encryption, with an implied bypass except for a few hosts for testing.

HTTPS inspection is also completely in fail-open mode.

One of our servers that is using an API out to an internet endpoint has been having issues. First it was related to HTTPS inspection probing, but adding a domain-based exception prior to the probing rules fixed that issue. Recently, however, we have been seeing intermittent errors with it.

The only thing I see in the logs is an App/URL Detect for an unreachable OCSP server. The exact error message is below:

OCSP responder returned an 'unauthorized' status reply. Refer to sk159872 for more details.
Certificate DN: '...........' Requested Server Name: ............ See sk159872

I tried adding the entire cert chain to the trusted CA list, to no avail.

I more than likely will be getting a TAC case opened for this, but I was wondering if anyone knew of any quick options here.

Thanks,

0 Kudos
4 Replies
Gaurav_Pandya

Here are some testing points I can think of:

1. Bypass HTTPS inspection for this specific API flow and check.

2. Use the ping and curl commands from the CLI to test connectivity to the OCSP server's domain name.

3. Make sure Check Point's trusted CA list is up to date. Generally it updates automatically, but it is good to verify.

0 Kudos
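For step 2 above, ping and curl only prove that the responder's host answers; they do not show what the responder says about the certificate. The following shell script is an added example (not code from this thread or from Check Point) that performs the actual OCSP exchange with the openssl CLI and reduces the result to one diagnosis word, so the "unauthorized" status the gateway logs can be reproduced from the command line. It requires the openssl CLI; the file names leaf.pem, issuer.pem and chain.pem are assumptions.

```shell
#!/bin/sh
# Added diagnostic example for the OCSP check in step 2 above; not code from the thread
# or from Check Point. Requires the openssl CLI. LEAF, ISSUER and CHAIN file names are assumptions.
set -e

# Print the OCSP responder URL named in the certificate's Authority Information Access extension.
ocsp_uri_of() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

# Reduce the text `openssl ocsp` prints to one diagnosis word.
# Reads the openssl output on stdin. "unauthorized" is the RFC 6960 response status (6)
# that the gateway log in the original post reports: the responder answered, but it does
# not serve status for certificates issued by this CA.
classify_ocsp_status() {
  out=$(cat)
  case "$out" in
    *"Responder Error: unauthorized"*)   echo unauthorized ;;
    *"Response verify OK"*": revoked"*)  echo revoked ;;
    *"Response verify OK"*": good"*)     echo good ;;
    # responder answered, but its signature does not chain to the CAs in -CAfile
    *"Response Verify Failure"*)         echo verify-failed ;;
    # TCP/HTTP failure: the only case that ping/curl alone would have revealed
    *"Error querying OCSP responder"*)   echo unreachable ;;
    *)                                   echo unknown ;;
  esac
}

# Query the responder for one leaf certificate and print the diagnosis.
# $1 leaf cert (PEM), $2 issuing CA cert (PEM), $3 the full chain to trust (PEM bundle).
check_ocsp() {
  leaf=$1; issuer=$2; trust=$3
  uri=$(ocsp_uri_of "$leaf")
  [ -n "$uri" ] || { echo "no OCSP URI in AIA extension"; return 2; }
  # -resp_text shows the responder's own certificate, which tells you whether the
  # responder is signed by the issuing CA or by a delegated responder certificate
  # that also has to be present in the trusted CA list.
  openssl ocsp -issuer "$issuer" -cert "$leaf" -url "$uri" -CAfile "$trust" -resp_text 2>&1 \
    | classify_ocsp_status
}

# Usage (assumed file names): check_ocsp leaf.pem issuer.pem chain.pem
```

Run it with the server's leaf certificate, the CA that issued it, and the same chain that was loaded into the gateway's trusted CA list. A result of "unauthorized" with the responder reachable means the private CA's responder is rejecting the request for that issuer, which is a responder-side configuration matter rather than a trust-list or connectivity one; "verify-failed" points at a delegated responder certificate missing from the chain.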
Austin35
Explorer

1. A domain-based HTTPS bypass has already been implemented prior to any probing-based rules.

2. The OCSP server is reachable, but it is returning a 401 unauthorized error code.

3. They are using private certs; I have added the full chain to the trusted CA list.

I am going to be getting a TAC case opened for it.
0 Kudos
PhoneBoy
Admin

Assuming this is an R82/R82.10 gateway, the following might also apply: https://support.checkpoint.com/results/sk/sk184766 

0 Kudos
Austin35
Explorer

My bad, I always forget to mention that. Yes, we are running R82. This has been happening for roughly a month now, and the CRL validation impacted our MAB certificates, but the workaround has already been applied there.

0 Kudos