Create a Post
Showing results for 
Search instead for 
Did you mean: 

HTTPS Inspection - no revocation in certificate (CRL or OCSP)


we are using R80.40 with enabled HTTPS Inspection. Everything for normal users is working fine but we have issues with command line tool because they are unable to validate the certificate. I know that on some libraries etc. we have to manually trust the certificate itself but the issue we are facing is related to the revocation list. Here is an example from a simple curl:


I noticed that the certificates that the gateways create doesn't include any CRL or OCSP information as you can see here:


The certificate that is on the gateways itself however includes a CRL which might be the reason we don't any issues with normal browsers:


I haven't found any information or SK that is applicable here. Maybe some of you have any idea on how to solve that.

0 Kudos
5 Replies
This widget could not be displayed.