This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Neil_Foxall
Participant
‎2019-01-22 05:56 AM

UserCheck Certificate

Jump to solution

We're looking at configuring URL filtering on our R80.10 gateway and have a couple of questions about the UserCheck Cert. The gateway is currently using the auto-generated cert which is not deployed to any of our internal clients.  We'd like to import and use a cert that is deployed internally, coincidentally it is the same cert we use for HTTPS Inspection on the same gateway.

This is probably an obvious question(s) but can we use the same cert for HTTPS inspection and UserCheck on the same gateway and is there any risk of anything breaking when I replace the auto-generated cert within UserCheck our own internal cert?

Thanks,

Neil

0 Kudos
1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor
‎2019-01-23 07:59 AM
In response to Neil_Foxall

Jump to solution

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

View solution in original post

4 Replies
Vladimir
Champion
Champion
‎2019-01-22 06:03 AM

Jump to solution

Please see if this thread answers your questions:

https://community.checkpoint.com/thread/6993-usercheck-portal-using-certificate-not-created-for-http... 

Neil_Foxall
Participant
‎2019-01-23 02:13 AM
In response to Vladimir

Jump to solution

Thanks Vladimir,

It does explain part of it, I just wanted to be certain that I can use the same cert applied for HTTPS Inspection for the UserCheck also.  I'm sure I can but thought I'd ask the forum before making the change?

0 Kudos
Norbert_Bohusch
Advisor
‎2019-01-23 07:59 AM
In response to Neil_Foxall

Jump to solution

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

View solution in original post

Neil_Foxall
Participant
‎2019-01-23 08:32 AM
In response to Norbert_Bohusch

Jump to solution

That makes sense now, thanks for detailing it out.