DmitriyDubovik
Contributor

Untrusted certificate, HTTPS inspection bypass

Good evening.

At the moment, we need to provide a bypass to the resource https://website.com/ which, when connected to it, accesses the resource https://add.website.com/.

The https://add.websitedmz.com/ resource has a self-signed certificate.

Nevertheless, despite the bypass rules, this https://add.websitedmz.com/ resource is still detected, which interferes with the work of the entire https://websitedmz.com/ resource.

The self-signed cert for add.websitedmz.com was added to the trusted CAs but is still detected.

Please suggest how to bypass this resource.

 

1.png

 

2.png

 

3.png

 

 

0 Kudos
19 Replies
the_rock
Legend

Can you show bypass rule for it? Please blur out any sensitive info.

Andy

0 Kudos
DmitriyDubovik
Contributor

Good morning.

This is from a test open server; on the production CP we have the same issue. The only difference between them is the number of applications.

 

4.png

5.png

0 Kudos
PhoneBoy
Admin

As part of HTTPS Inspection, we also validate the certificate of the site you are accessing.
Have you added the self-signed certificate to the trusted CA list in SmartDashboard?

0 Kudos
DmitriyDubovik
Contributor

Good morning.

Have you added the self-signed certificate to the trusted CA list in SmartDashboard?


Yes, I did.

1.png



PhoneBoy
Admin

I'm referring to the certificate for add.websitedmz.com itself.

DmitriyDubovik
Contributor

Added with all CAs, still doesn't work.

Same Untrusted Certificate issue:

Certificate DN: "O=websitedmz.com", Requested Server Name: add.websitedmz.com See sk159872

 

0 Kudos
_Val_
Admin

No, this is not CA cert, this is the web server certificate. It clearly shows "Issued by Untrusted". You need the root cert, which is probably not applicable to self-signed. I suggest you add any third party certificate to that server, preferably issued by your own corporate CA or AD, and then add that signing CA as trusted root.

0 Kudos
(1)
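
A way to check, outside the gateway, which of the conditions discussed in this thread a server certificate actually has: self-signed, name mismatch, or a chain that does not end in a trusted root. This is an added example, not part of the original thread or of Check Point tooling; the certificates are constructed with the DN from the log above, and "Example Root CA" is a hypothetical corporate CA.

```shell
#!/bin/sh
# Added example; every certificate below is constructed test data.
WORK=$(mktemp -d)

# Self-signed server certificate carrying only the DN seen in the log.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=websitedmz.com" \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}

# Hypothetical corporate root CA and a server certificate signed by it,
# with the requested server name in subjectAltName.
make_ca_issued() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Corp/CN=Example Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=websitedmz.com" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    printf 'subjectAltName=DNS:add.websitedmz.com\n' > "$WORK/leaf.ext"
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" 2>/dev/null
}

# diagnose CERT SERVER_NAME TRUSTED_ROOTS -> "<origin> <name> <chain>"
diagnose() {
    if [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
         "$(openssl x509 -in "$1" -noout -issuer_hash)" ]; then
        origin="self-signed"      # subject == issuer: no separate root exists
    else
        origin="ca-issued"
    fi
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"; then
        name="name-ok"
    else
        name="name-mismatch"
    fi
    if openssl verify -CAfile "$3" "$1" >/dev/null 2>&1; then
        chain="chain-ok"
    else
        chain="chain-untrusted"
    fi
    echo "$origin $name $chain"
}

make_self_signed && make_ca_issued
diagnose "$WORK/self.pem" add.websitedmz.com "$WORK/ca.pem"
diagnose "$WORK/leaf.pem" add.websitedmz.com "$WORK/ca.pem"
```

For a real server, export its certificate to PEM and pass that file, the requested server name and your trusted-roots bundle to `diagnose`.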
DmitriyDubovik
Contributor

Thanks. Can I still make Check Point ignore an "issued by untrusted" certificate and bypass it, besides making a third-party certificate? I'm afraid it is not the first case...

0 Kudos
_Val_
Admin

The log says "Detect", which means traffic is not affected. Why would you need an exception? To avoid logging?

DmitriyDubovik
Contributor

I can't access the second-level domain site https://websitedmz.com/ because of some issues with HTTPS inspection on the third-level domain site https://add.websitedmz.com/. When I turn off HTTPS inspection, it works fine. Can't say why.


@_Val_ wrote:

The log says "Detect", which means traffic is not affected.

Next step is Inspect.


_Val_
Admin

Add a bypass for that level too. Also, in HTTPS Inspection / Server Validation, make sure you did not check the box to drop traffic with untrusted certs.

Screenshot 2023-07-04 at 12.28.41.png

DmitriyDubovik
Contributor

 
 

5.png


It is turned off. 

 

0 Kudos
ww1m6
Explorer

Hello, I am unable to find this section, can you tell me how to get to it?

0 Kudos
the_rock
Legend

It's in the legacy dashboard.

0 Kudos
ww1m6
Explorer

Hello, I can't find this settings section, can you tell me how to get to it?

0 Kudos
PhoneBoy
Admin

You have to get to the legacy SmartDashboard, which you do by going here:

Screenshot 2024-05-30 at 5.06.24 PM.png

From there, click on HTTPS Validation

image.png

the_rock
Legend

I would definitely double-check the option @_Val_ mentioned for untrusted certs (it's in the legacy HTTPS inspection dashboard settings).

Andy

0 Kudos
DmitriyDubovik
Contributor

I bet this is some sort of bug, because the dashboard setting is off.

0 Kudos