Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin

HTTPS Inspection and macOS 10.15 (Catalina)

Apple has changed the requirements regarding HTTPS server certificates in its products – Mainly Catalina 10.15 and iOS 13.
SHA1 signed certificates are no longer considered secure and servers using them will be blocked.
The default CA certificate we generate for HTTPS Inspection is SHA1 signed.
This means end users with a default HTTPS Inspection CA certificate using macOS 10.15 endpoints will encounter an untrusted certificate error message.
More details (and a solution) can be found in sk163932. 

In R80.40, the default HTTPS Inspection CA certificate will be SHA256 signed.
This change will also be integrated into upcoming Jumbo Hotfixes for other R80.x releases.

3 Replies
Andrew_Kim
Explorer

Do you know if the fix is going to be provided to the SMB line of appliances, namely the 700 and 1400 series?

 

Thanks!

0 Kudos
PhoneBoy
Admin
Admin

Not aware of any specific plans.
That said, you can ask via TAC if the relevant fix can be ported to the SMB appliances.
Note you can always generate a new CA key using a procedure similar to this sk (though not directly on the SMB appliance): https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Andrew_Kim
Explorer

Thanks for the response.  I'll need to reach out to TAC to see what, if anything, can be done.  I also did try the fix in the SK using an R80.30 firewall but that didn't appear to change the behavior at all on the SMB device.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events