Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Marcel_Gramalla
Collaborator

HTTPS Inspection - no revocation in certificate (CRL or OCSP)

Hi,

we are using R80.40 with enabled HTTPS Inspection. Everything for normal users is working fine but we have issues with command line tool because they are unable to validate the certificate. I know that on some libraries etc. we have to manually trust the certificate itself but the issue we are facing is related to the revocation list. Here is an example from a simple curl:

curl_error.PNG

I noticed that the certificates that the gateways create doesn't include any CRL or OCSP information as you can see here:

cert_extensions.PNG

The certificate that is on the gateways itself however includes a CRL which might be the reason we don't any issues with normal browsers:

cert_subca_extensions.PNG

I haven't found any information or SK that is applicable here. Maybe some of you have any idea on how to solve that.

0 Kudos
5 Replies
This widget could not be displayed.