Contributor

Inbound SSL Inspection Certificate Issues


I am trying to set up inbound SSL Inspection for the first time for one of our websites we are deploying.

I am using a Digicert wildcard certificate that is imported on the CheckPoint and installed on the server itself. I have verified the whole cert chain is installed and that it's the same cert on the CheckPoint and the server. 

If I turn on the SSL Inspection rule and run an SSL check from Digicert, SSL Shopper, etc., it comes back with an error saying that it's missing the intermediate cert. If I turn off the rule, it comes back just fine.

Chrome works fine but some Android apps will not connect due to the intermediate missing. 

I have a ticket open but just curious if anyone else has had this issue before and how to get around it.

This is a CloudGuard AWS instance running R80.10. No load balancing or anything, just straight to a Windows server running Apache.

Thanks in advance!

Accepted Solutions

Admin

The .p12 file you import into SmartConsole must include all the intermediate certificates as well.

Otherwise, you see the behavior you are describing.

See: Best Practices - HTTPS Inspection 

Contributor

The cert contains the whole chain. Are you saying I need to pack up the standalone intermediate along with the cert in the p12?

Contributor

Never mind... That worked! I packed up both the cert and the intermediate in the p12 and that works now. Can't believe I didn't think of that... I guess I assumed it would use the intermediate in the cert itself.

Thanks!
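
The fix confirmed in this thread, shown with the `openssl` CLI as an added example (not from the original posts or from Check Point documentation): it builds a throwaway root/intermediate/wildcard chain, packs the .p12 with and without the intermediate, and counts the certificates in each bundle. All subjects, file names and the password are constructed; with a real certificate, `-certfile` would point at the CA's intermediate file instead.

```shell
#!/usr/bin/env bash
# Added example: throwaway PKI, constructed names and password throughout.
set -eu
WORK=$(mktemp -d)
PASS=constructed-pass   # sample password, not a real secret

# Build root CA -> intermediate CA -> wildcard leaf for *.example.test
make_chain() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate CA" \
    -keyout "$WORK/inter.key" -out "$WORK/inter.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 2 -extfile "$WORK/ca.ext" -out "$WORK/inter.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/inter.pem" -CAkey "$WORK/inter.key" \
    -CAcreateserial -days 2 -out "$WORK/leaf.pem" 2>/dev/null
}

# Pack key + leaf into a .p12; extra args (e.g. -certfile) add chain certs.
make_p12() {  # usage: make_p12 OUT [extra openssl pkcs12 args...]
  out=$1; shift
  openssl pkcs12 -export -inkey "$WORK/leaf.key" -in "$WORK/leaf.pem" \
    -name inbound-site -passout "pass:$PASS" -out "$out" "$@"
}

# Number of certificates a .p12 carries, i.e. what is available on import.
count_certs() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

make_chain
make_p12 "$WORK/leaf_only.p12"                               # bundle without the intermediate
make_p12 "$WORK/with_chain.p12" -certfile "$WORK/inter.pem"  # the fix from the thread
echo "leaf_only.p12:  $(count_certs "$WORK/leaf_only.p12") certificate(s)"
echo "with_chain.p12: $(count_certs "$WORK/with_chain.p12") certificate(s)"
```

Running the same `count_certs` check against the real .p12 before importing it into SmartConsole shows whether the intermediate made it into the bundle.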