Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
johnyb
Explorer

Untrusted Certificate

Hi Mates!

We have recently discovered that the certificate from "AnyNet Relay" (Anydesk) cannot be validated and we receive "Untrusted Certificate" from https inspection.

From SSL Server Test  we downloaded the certificate and uploaded to the gateway but still we get the same behavior.

Since we must categorize the application properly what is your suggestion to overcome the issue?

Many Thanks,

YV

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

The Certificate Authority that signs the AnyDesk certificate must be uploaded to the trusted CA store. 
Instead of updating the entire list as shown here, you’ll “add” one: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

If this is a self-signed cert, you’ll upload the public key.
If this key is signed by a sub-CA, then the entire certificate chain must be uploaded.

johnyb
Explorer

Actually this is what i'm trying to do , to get the chain and upload it through "Import Outbound ...."

Pushing the policy to security gateway and still getting the same issue.

Not sure what is the issue afterall.

0 Kudos
PhoneBoy
Admin
Admin

What is the exact error you are getting and where?
Screenshots along with the version/JHF level would be helpful.

0 Kudos
johnyb
Explorer

R80.40 take 294 (both nodes of the cluster)

0 Kudos
PhoneBoy
Admin
Admin

Did you perform the steps mentioned in the SK referenced in the log message?
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
johnyb
Explorer

Yes indeed ...

Download the certificate chain of the abovementioned hostname from https://www.ssllabs.com/ssltest/  

uploaded through "Import Outbound ...." and push the policy.

But the issue remains!

0 Kudos