This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
biskit
Advisor
‎2019-06-28 05:55 AM
Jump to solution

HTTPS Inspection query

I haven't done much with HTTPS Inspection yet, but I have a customer who has tried it and it isn't working.  I don't know enough to help them.

R80.20 Take 47.

They have created their own Root cert from the firewall HTTPS Inspection page - step 1 - which is in the Trusted Root Certificate Authority store on the local machine. (kind of highlighted yellow below)

1.png

HTTPS Inspection  >  Create >  (their own root cert file from above).

View certificate shows:  (ignore the "not trusted" warning - I'm taking the screenshot from my machine which doesn't have the cert installed - the customer doesn't get that warning)

2a.PNG

Then, browse to a blocked site to trigger the UserCheck page, and first they still get a dodgy certificate page:

3.png

Click Continue and the block page shows - with the wrong certificate....

4.png

The certificate being used by the block page is the firewall's internal cert - not the imported trusted one they are trying to use.  (again, ignore the trust warning in this screenshot - I'm taking screenshots from a untrusted machine)

5.png

 

Any ideas what we're missing and why the newly created trusted cert isn't being used by the block pages?

 

 

0 Kudos
1 Solution

Accepted Solutions
Vladimir
Champion
Champion
‎2019-06-28 08:54 AM
Jump to solution

The HTTPS Inspection and the Portal Certificate are two different certs.

The portal cert is the normal server certificate, while HTTPS inspection is the self-generated Subordinate CA certificate.

If you want to avoid seeing portal cert violations, this certificate should be installed on the clients as well.

See this thread: https://community.checkpoint.com/t5/General-Management-Topics/UserCheck-portal-using-Certificate-not...

 

View solution in original post

1 Reply
Vladimir
Champion
Champion
‎2019-06-28 08:54 AM
Jump to solution

The HTTPS Inspection and the Portal Certificate are two different certs.

The portal cert is the normal server certificate, while HTTPS inspection is the self-generated Subordinate CA certificate.

If you want to avoid seeing portal cert violations, this certificate should be installed on the clients as well.

See this thread: https://community.checkpoint.com/t5/General-Management-Topics/UserCheck-portal-using-Certificate-not...

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events