
https inspection outbound CA certificate step#1


Threat Prevention R80.10 Administration Guide 

When setting up 'https inspection' on a gateway... Step #1: Create an outbound CA Certificate for HTTPS Inspection. Later, I will import this to the other gateways. Has anyone had a conflict or problem using their company's domain name (DN), i.e. checkpoint.com, for the outbound certificate DN? Why use your company's DN, why not 'outbound.checkpoint.com' for example just to be safe? #certificate #outbound #httpsinspection #sslinspection #step1

0 Kudos
1 Solution

Accepted Solutions
Admin

Re: https inspection outbound CA certificate step#1


That's what I was trying to say: it really doesn't matter. :)

0 Kudos
5 Replies
Admin

Re: https inspection outbound CA certificate step#1


For the CA key? It shouldn't matter.

0 Kudos

Re: https inspection outbound CA certificate step#1


Is there any disadvantage to just using 'outbound.mydomain.com' for example? Would it make it any more inconvenient to get to community.mydomain.com for example?

0 Kudos
Admin

Re: https inspection outbound CA certificate step#1


When you access a given site with HTTPS Inspection enabled, a new certificate for that site is generated on the fly using the exact same DN that the original certificate had.

That certificate is signed by the CA key configured on the Security Gateway.

The DN of the CA key is only relevant insofar as validating who signed the certificate, not the DN accessed by the browser.

0 Kudos
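
What the reply above describes, as an added Go example that is not from the thread or from Check Point: a stand-in CA whose name is varied re-issues a certificate for a site, and a client that trusts that CA validates it. The names example.com, outbound.example.com and www.example.org and the functions `sign` and `Reissue` are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign creates a certificate from tmpl with a fresh key; a nil parent means self-signed.
func sign(tmpl, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil {
		parent, pk = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Reissue mimics the gateway: copy the site's names, sign with a CA named caCN,
// then validate the result the way a client that trusts that CA would.
func Reissue(caCN, site string) (issuer, subject string, err error) {
	now := time.Now().Add(-time.Minute)
	ca, caKey := sign(&x509.Certificate{SerialNumber: big.NewInt(1),
		Subject: pkix.Name{CommonName: caCN}, NotBefore: now, NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	leaf, _ := sign(&x509.Certificate{SerialNumber: big.NewInt(2),
		Subject: pkix.Name{CommonName: site}, DNSNames: []string{site},
		NotBefore: now, NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	roots := x509.NewCertPool() // the client's trust store: only the inspection CA
	roots.AddCert(ca)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: site})
	return leaf.Issuer.CommonName, leaf.Subject.CommonName, err
}

func main() {
	for _, cn := range []string{"example.com", "outbound.example.com"} { // constructed CA names
		iss, sub, err := Reissue(cn, "www.example.org")
		fmt.Printf("issuer=%q subject=%q verify error=%v\n", iss, sub, err)
	}
}
```

Both CA names give the same outcome: the issuer field carries the CA's name, while hostname validation runs against the copied subject and SAN.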

Re: https inspection outbound CA certificate step#1


Ok, sounds good.  

However, I still don't see any reason for good or for bad to use/not use the exact DN of my organization. If I'm going to www.yahoo.com with a cert key of 'checkpoint.com' or 'outbound.checkpoint.com', does it really matter?

0 Kudos
Admin

Re: https inspection outbound CA certificate step#1


That's what I was trying to say: it really doesn't matter. :)

0 Kudos