Ben_Dunkley
Contributor

HTTPS Certificate Validation - ds.kaspersky.com / Harmony Endpoint

Hi,

After dealing with some certificate validation issues recently (resolved via sk64521 / sk173629 - slightly frustrating this isn't automatic by default), almost all of the certificate validation errors are gone.

The last remaining validation error is for the FQDN ds.kaspersky.com, which logs as follows (identifying & irrelevant info snipped out):


HTTPS Validation: Untrusted Certificate
Description: Certificate DN: 'CN=ds.kaspersky.com,OU=CIWD,O=AO Kaspersky Lab,L=Moscow,ST=Moscow,C=RU' Requested Server Name: ds.kaspersky.com. See sk159872
Destination: 82.202.185.148
Destination Port: 443
IP Protocol: 6
Action: Detect
Type: Log
Blade: HTTPS Inspection
Service: TCP/443
Product Family: Network
Resource: ds.kaspersky.com

 

This occurs across half a dozen or so destination IP addresses, but the same FQDN in each case.

Testing using openssl reveals the following certificate chain, and there are no Kaspersky certificates in Check Point's Trusted CA list, which is fine I guess, as it does look like Kaspersky are potentially just using their own CA, which may not be publicly trusted (i.e. if it is explicitly trusted in their products that leverage these services).

Certificate chain
 0 s:/C=RU/ST=Moscow/L=Moscow/O=AO Kaspersky Lab/OU=CIWD/CN=ds.kaspersky.com
   i:/C=RU/O=Kaspersky Lab/CN=Kaspersky Lab Public Services TLS CA
 1 s:/C=RU/O=Kaspersky Lab/CN=Kaspersky Lab Public Services TLS CA
   i:/DC=com/DC=kaspersky/DC=authenticity/CN=Kaspersky Lab Public Services Root Certification Authority
 
The part that is a little frustrating is that all this traffic is originating from Check Point Harmony Endpoint clients!

So I'm curious what view others may have on this: ignore it? Manually trust the CA? Something else?
 
Thanks,
Ben
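
An added example, not part of the original post: a small Python parser for the openssl chain listing quoted above. It checks that each certificate's issuer matches the next certificate's subject and reports the issuer DN that a trust store would need to contain; the `trusted_dns` set is a hypothetical stand-in for an exported trusted-CA list.

```python
import re

# Chain listing copied from the post (openssl s_client "Certificate chain" block).
SAMPLE_CHAIN = """\
Certificate chain
 0 s:/C=RU/ST=Moscow/L=Moscow/O=AO Kaspersky Lab/OU=CIWD/CN=ds.kaspersky.com
   i:/C=RU/O=Kaspersky Lab/CN=Kaspersky Lab Public Services TLS CA
 1 s:/C=RU/O=Kaspersky Lab/CN=Kaspersky Lab Public Services TLS CA
   i:/DC=com/DC=kaspersky/DC=authenticity/CN=Kaspersky Lab Public Services Root Certification Authority
"""

_SUBJECT = re.compile(r"^\s*(\d+)\s+s:\s*(.+?)\s*$")
_ISSUER = re.compile(r"^\s*i:\s*(.+?)\s*$")


def parse_chain(text):
    """Return [(depth, subject_dn, issuer_dn), ...] in the order the server sent them."""
    chain, pending = [], None
    for line in text.splitlines():
        m = _SUBJECT.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = _ISSUER.match(line)
        if m and pending is not None:
            chain.append((*pending, m.group(1)))
            pending = None
    return chain


def analyse(chain, trusted_dns):
    """Check chain linkage and name the DN a trust store must hold.

    trusted_dns is a hypothetical set of DN strings standing in for a trust store.
    """
    if not chain:
        raise ValueError("no certificates found in input")
    # Each certificate's issuer must be the subject of the next one up.
    linked = all(chain[i][2] == chain[i + 1][1] for i in range(len(chain) - 1))
    _, top_subject, anchor = chain[-1]
    return {
        "linked": linked,
        "root_sent": top_subject == anchor,  # self-signed root included by server?
        "anchor": anchor,                    # issuer DN at the top of the sent chain
        "trusted": anchor in trusted_dns,
    }


if __name__ == "__main__":
    print(analyse(parse_chain(SAMPLE_CHAIN), trusted_dns=set()))
```

Matching is on DN text only and does not verify signatures, so it is a triage aid for reading the log, not a substitute for full path validation.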