Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Neil_Foxall
Participant
Jump to solution

UserCheck Certificate

We're looking at configuring URL filtering on our R80.10 gateway and have a couple of questions about the UserCheck Cert. The gateway is currently using the auto-generated cert which is not deployed to any of our internal clients.  We'd like to import and use a cert that is deployed internally, coincidentally it is the same cert we use for HTTPS Inspection on the same gateway.

This is probably an obvious question(s) but can we use the same cert for HTTPS inspection and UserCheck on the same gateway and is there any risk of anything breaking when I replace the auto-generated cert within UserCheck our own internal cert?

Thanks,

Neil

0 Kudos
1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

View solution in original post

4 Replies
Vladimir
Champion
Champion
Neil_Foxall
Participant

Thanks Vladimir,

It does explain part of it, I just wanted to be certain that I can use the same cert applied for HTTPS Inspection for the UserCheck also.  I'm sure I can but thought I'd ask the forum before making the change?

0 Kudos
Norbert_Bohusch
Advisor

No, you can't use the same certificate for HTTPS Inspection and for the UserCheck portal (or any HTTPS portal of the gateway).

The reason can be seen if you look an what is actually used for HTTPS inspection and UserCheck portal:

- The certificate for UserCheck (or other portals) is a standard webserver certificate (server certificate).

- The certificate for HTTPS Inspection is no certificate but a sub CA (certificate authority) issued by an external CA (or an if created by Check Point a root CA). This CA issues server certificates for the access website on-the-fly, which are trusted by the client, because they trust the root CA.

Neil_Foxall
Participant

That makes sense now, thanks for detailing it out.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events