This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Neil_Foxall
Participant
‎2019-01-22 05:56 AM
Jump to solution

UserCheck Certificate

We're looking at configuring URL filtering on our R80.10 gateway and have a couple of questions about the UserCheck Cert. The gateway is currently using the auto-generated cert which is not deployed to any of our internal clients.  We'd like to import and use a cert that is deployed internally, coincidentally it is the same cert we use for HTTPS Inspection on the same gateway.

This is probably an obvious question(s) but can we use the same cert for HTTPS inspection and UserCheck on the same gateway and is there any risk of anything breaking when I replace the auto-generated cert within UserCheck our own internal cert?

Thanks,

Neil

0 Kudos
1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor
‎2019-01-23 07:59 AM
In response to Neil_Foxall
Jump to solution

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

View solution in original post

4 Replies
Vladimir
Champion
Champion
‎2019-01-22 06:03 AM
Jump to solution

Please see if this thread answers your questions:

https://community.checkpoint.com/thread/6993-usercheck-portal-using-certificate-not-created-for-http... 

Neil_Foxall
Participant
‎2019-01-23 02:13 AM
In response to Vladimir
Jump to solution

Thanks Vladimir,

It does explain part of it, I just wanted to be certain that I can use the same cert applied for HTTPS Inspection for the UserCheck also.  I'm sure I can but thought I'd ask the forum before making the change?

0 Kudos
Norbert_Bohusch
Advisor
‎2019-01-23 07:59 AM
In response to Neil_Foxall
Jump to solution

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

Neil_Foxall
Participant
‎2019-01-23 08:32 AM
In response to Norbert_Bohusch
Jump to solution

That makes sense now, thanks for detailing it out.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events