- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
We're looking at configuring URL filtering on our R80.10 gateway and have a couple of questions about the UserCheck Cert. The gateway is currently using the auto-generated cert which is not deployed to any of our internal clients. We'd like to import and use a cert that is deployed internally, coincidentally it is the same cert we use for HTTPS Inspection on the same gateway.
This is probably an obvious question(s) but can we use the same cert for HTTPS inspection and UserCheck on the same gateway and is there any risk of anything breaking when I replace the auto-generated cert within UserCheck our own internal cert?
Thanks,
Neil
No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).
The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:
- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).
- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.
Please see if this thread answers your questions:
Thanks Vladimir,
It does explain part of it, I just wanted to be certain that I can use the same cert applied for HTTPS Inspection for the UserCheck also. I'm sure I can but thought I'd ask the forum before making the change?
No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).
The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:
- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).
- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.
That makes sense now, thanks for detailing it out.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY