HTTPS Inspection query

I haven't done much with HTTPS Inspection yet, but I have a customer who has tried it and it isn't working.  I don't know enough to help them.

R80.20 Take 47.

They have created their own Root cert from the firewall HTTPS Inspection page - step 1 - which is in the Trusted Root Certificate Authority store on the local machine. (kind of highlighted yellow below)

1.png

HTTPS Inspection  >  Create >  (their own root cert file from above).

View certificate shows:  (ignore the "not trusted" warning - I'm taking the screenshot from my machine which doesn't have the cert installed - the customer doesn't get that warning)

2a.PNG

Then, browse to a blocked site to trigger the UserCheck page, and first they still get a dodgy certificate page:

3.png

Click Continue and the block page shows - with the wrong certificate....

4.png

The certificate being used by the block page is the firewall's internal cert - not the imported trusted one they are trying to use.  (again, ignore the trust warning in this screenshot - I'm taking screenshots from an untrusted machine)

5.png

Any ideas what we're missing and why the newly created trusted cert isn't being used by the block pages?

Accepted Solutions

The HTTPS Inspection and the Portal Certificate are two different certs.

The portal cert is the normal server certificate, while HTTPS inspection is the self-generated Subordinate CA certificate.

If you want to avoid seeing portal cert violations, this certificate should be installed on the clients as well.

See this thread: https://community.checkpoint.com/t5/General-Management-Topics/UserCheck-portal-using-Certificate-not...
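
The distinction in the answer above can be reproduced offline with the `openssl` CLI. This is an added illustration, not part of the original thread and not Check Point tooling. All subject names and files are constructed, and the portal certificate is modelled as a self-signed stand-in for the gateway's internally issued one.

```shell
# Constructed lab: every subject name and file here is made up for illustration.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# new_self_signed NAME CN: self-signed cert + key (stand-in for a CA or a portal cert).
new_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue_from CA NAME CN: issue a leaf for CN from CA, the way an inspecting
# gateway re-signs each site it intercepts.
issue_from() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
    -CAcreateserial -days 30 -out "$work/$2.pem" 2>/dev/null
}

# trusted_by CA NAME: succeeds only if NAME chains to CA, i.e. what a client
# holding only that CA in its trust store would accept.
trusted_by() {
  openssl verify -CAfile "$work/$1.pem" "$work/$2.pem" >/dev/null 2>&1
}

new_self_signed inspection_ca "Example HTTPS Inspection CA"  # installed on clients
issue_from inspection_ca inspected_site "blocked.example"     # re-signed site traffic
new_self_signed portal "Example Gateway Portal"               # UserCheck portal cert

for cert in inspected_site portal; do
  if trusted_by inspection_ca "$cert"; then
    echo "$cert: trusted via inspection CA"
  else
    echo "$cert: NOT trusted, $(openssl x509 -in "$work/$cert.pem" -noout -issuer)"
  fi
done
```

The portal line reports a different issuer, which is why installing only the inspection CA on clients does not clear the warning on the block page.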

 
