Hi @Scott_Paisley
https://badsite.com is a self-signed certificate website.
Outbound HTTPS Inspection of self-signed certificate websites or a site with certificate issues may fail with various errors:
- CRL Validations failure logs
- Self-Signed certificate failure logs
- HTTPS Validation failure logs or Reject logs
By design, when HTTPS Inspection is enabled, CRL Validation is also enabled by default.
Therefore, inspecting traffic towards a website that owns a self-signed certificate (without a Root-CA / Sub-Root-CA) will fail because of the CRL Validation feature, which validates expiry, all certificate chains and their order, trust state, and more.
Read more here: sk148352
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
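
The failure conditions described in the reply above (self-signed, no CRL to check, expired, no chain to a trusted root) can be reproduced on an admin workstation with the openssl CLI. This is an added example, not part of the original post and not Check Point's validation code; the host names, file names and CRL URL are constructed, and it assumes the stock openssl.cnf.

```bash
#!/usr/bin/env bash
# Added example (not Check Point code). All file names, host names and the
# CRL URL are constructed; certificates are generated locally with openssl.

# Create a throwaway root CA, a self-signed server certificate and a
# CA-issued server certificate that carries a CRL distribution point.
make_samples() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=badsite.example" \
        -keyout "$d/bad.key" -out "$d/bad.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=goodsite.example" \
        -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null
    printf 'crlDistributionPoints=URI:http://crl.example/root.crl\n' \
        > "$d/ext.cnf"
    openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -extfile "$d/ext.cnf" \
        -out "$d/good.pem" 2>/dev/null
}

# Print one finding per line for PEM certificate $1 checked against the
# trusted CA bundle $2. No output means none of the four checks fired.
triage_cert() {
    local cert="$1" trusted="$2" subject issuer
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    # Subject equal to issuer: the certificate vouches for itself.
    if [ "$subject" = "$issuer" ]; then echo "SELF_SIGNED"; fi
    # No CRL distribution point: nothing to fetch for a revocation check.
    if ! openssl x509 -in "$cert" -noout -text \
            | grep -q "CRL Distribution Points"; then echo "NO_CRL_DP"; fi
    # -checkend 0 fails when the certificate is already past notAfter.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED"
    fi
    # Chain building: does the certificate lead to a trusted root?
    if ! openssl verify -CAfile "$trusted" "$cert" >/dev/null 2>&1; then
        echo "CHAIN_UNTRUSTED"
    fi
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "bad.pem:";  triage_cert "$tmp/bad.pem"  "$tmp/ca.pem"
echo "good.pem:"; triage_cert "$tmp/good.pem" "$tmp/ca.pem"
```

For a live site, save the certificate the server presents to a PEM file and pass it as the first argument, with your organisation's trusted CA bundle as the second.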