This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
johnyb
Explorer
‎2021-09-11 12:51 AM

Untrusted Certificate

Hi Mates!

We have recently discovered that the certificate from "AnyNet Relay" (Anydesk) cannot be validated and we receive "Untrusted Certificate" from https inspection.

From SSL Server Test  we downloaded the certificate and uploaded to the gateway but still we get the same behavior.

Since we must categorize the application properly what is your suggestion to overcome the issue?

Many Thanks,

YV

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2021-09-11 10:01 AM

The Certificate Authority that signs the AnyDesk certificate must be uploaded to the trusted CA store. 
Instead of updating the entire list as shown here, you’ll “add” one: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

If this is a self-signed cert, you’ll upload the public key.
If this key is signed by a sub-CA, then the entire certificate chain must be uploaded.

johnyb
Explorer
‎2021-09-11 11:09 AM
In response to PhoneBoy

Actually this is what i'm trying to do , to get the chain and upload it through "Import Outbound ...."

Pushing the policy to security gateway and still getting the same issue.

Not sure what is the issue afterall.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-11 01:15 PM
In response to johnyb

What is the exact error you are getting and where?
Screenshots along with the version/JHF level would be helpful.

0 Kudos
johnyb
Explorer
‎2021-09-11 08:49 PM
In response to PhoneBoy

R80.40 take 294 (both nodes of the cluster)

Preview file
84 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-11 10:25 PM
In response to johnyb

Did you perform the steps mentioned in the SK referenced in the log message?
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
johnyb
Explorer
‎2021-09-11 10:34 PM
In response to PhoneBoy

Yes indeed ...

Download the certificate chain of the abovementioned hostname from https://www.ssllabs.com/ssltest/  

uploaded through "Import Outbound ...." and push the policy.

But the issue remains!

0 Kudos