Untrusted certificate, HTTPS inspection bypass
Good evening.
At the moment, we need to provide a bypass to the resource https://website.com/ which, when connected to it, accesses the resource https://add.website.com/.
The https://add.websitedmz.com/ resource has a self-signed certificate.
Nevertheless, despite the bypass rules, this https://add.websitedmz.com/ resource is still detected, which interferes with the work of the entire https://websitedmz.com/ resource.
The self-signed cert add.websitedmz.com was added to the trusted CAs but is still detected.
Please suggest how to bypass this resource.
Labels: HTTPS Inspection, URL Filtering
Can you show the bypass rule for it? Please blur out any sensitive info.
Andy
Good morning.
This is from a test open server; on the production CP we have the same issue. The only difference between them is the number of applications.
As part of HTTPS Inspection, we also validate the certificate of the site you are accessing.
Have you added the self-signed certificate to the trusted CA list in SmartDashboard?
Good morning.
Have you added the self-signed certificate to the trusted CA list in SmartDashboard?
Yes, I did.
I'm referring to the certificate for add.websitedmz.com itself.
Added with all CAs, still doesn't work.
Same Untrusted Certificate issue:
Certificate DN: "O=websitedmz.com", Requested Server Name: add.websitedmz.com See sk159872
Please look into this thread: https://community.checkpoint.com/t5/Security-Gateways/HTTPS-Certificate-validation-SK159872/td-p/131...
No, this is not a CA cert; this is the web server certificate. It clearly shows "Issued by Untrusted". You need the root cert, which is probably not applicable to self-signed. I suggest you add any third-party certificate to that server, preferably issued by your own corporate CA or AD, and then add that signing CA as a trusted root.
Thanks. Can I still make Check Point ignore an "Issued by Untrusted" certificate and bypass it, besides making a third-party certificate? I'm afraid it is not the first case...
The log says "Detect", which means traffic is not affected. Why would you need an exception? To avoid logging?
I can't access the second-level domain site https://websitedmz.com/ because of some issues with HTTPS inspection on the third-level domain site https://add.websitedmz.com/. When I turn off the HTTPS inspection, it works fine. Can't say why.
@_Val_ wrote: The log says "Detect", which means traffic is not affected.
Next step is Inspect.
Add a bypass for that level too. Also, in HTTPS Inspection / Server Validation, make sure you did not check the box to drop traffic with untrusted certs.
It is turned off.
Hello, I am unable to find this section, can you tell me how to get to it?
It's in the legacy dashboard.
Hello, I can't find this settings section, can you tell me how to get to it?
You have to get to the legacy SmartDashboard, which you do by going here:
From there, click on HTTPS Validation
I would definitely double-check the option @_Val_ mentioned for untrusted cert (it's in the legacy HTTPS Inspection dashboard settings).
Andy
I bet this is some sort of bug, because the dashboard setting is off.
