cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

UserCheck Certificate

Jump to solution

We're looking at configuring URL filtering on our R80.10 gateway and have a couple of questions about the UserCheck Cert. The gateway is currently using the auto-generated cert which is not deployed to any of our internal clients.  We'd like to import and use a cert that is deployed internally, coincidentally it is the same cert we use for HTTPS Inspection on the same gateway.

This is probably an obvious question(s) but can we use the same cert for HTTPS inspection and UserCheck on the same gateway and is there any risk of anything breaking when I replace the auto-generated cert within UserCheck our own internal cert?

Thanks,

Neil

0 Kudos
1 Solution

Accepted Solutions

Re: UserCheck Certificate

Jump to solution

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

4 Replies
Vladimir
Pearl

Re: UserCheck Certificate

Jump to solution

Please see if this thread answers your questions:

 

Re: UserCheck Certificate

Jump to solution

Thanks Vladimir,

It does explain part of it, I just wanted to be certain that I can use the same cert applied for HTTPS Inspection for the UserCheck also.  I'm sure I can but thought I'd ask the forum before making the change?

0 Kudos

Re: UserCheck Certificate

Jump to solution

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

Re: UserCheck Certificate

Jump to solution

That makes sense now, thanks for detailing it out.