Quentin_Antrim
Participant

HTTPS Inspection untrusted certificate

I am testing Outgoing HTTPS Inspection on my R81 Internet Firewall with my PC.

I created the firewall CA cert, downloaded it and then imported it into my PC's Trusted Root Certification Authorities.

When I try to go to a web site using HTTPS, I will get an untrusted certificate issue.  

In this attached example, I am trying https://samsclub.com. Note the certificate "Issued By" section of the cert.

What is happening, how do I resolve this?

Thanks.

Quentin

0 Kudos
9 Replies
PhoneBoy
Admin

Why R81 and not R81.20?
Please provide screenshots of exactly what you've configured (sensitive details redacted).

0 Kudos
Quentin_Antrim
Participant

Because we have not upgraded to R81.20 yet, but have plans to do so.  And we do have a non-CheckPoint technical issue currently that affects our R81.20 upgrade timeframe. 

Thanks.

0 Kudos
the_rock
Legend

Happy to send you updated zip file from mgmt server database that you can upload to your current environment (it contains updated cert list). But, just a small disclaimer, don't "shoot" the messenger if something goes south :-(

Though, I'm 99.99% sure it would not go bad, as I had given same to people on here before and worked fine.

I'm talking about below option in legacy https inspection dashboard (attached doc with screenshots for you)

Andy

 

0 Kudos
the_rock
Legend

Is it same issue on all PCs/browsers? I can tell you that personally, I find R81.20 works wayyy better when it comes to https inspection.

Andy

0 Kudos
Quentin_Antrim
Participant

Well, our main approved browser here is Chrome. But we also have Edge. I had not tried Edge as I wasn't considering it to be a browser issue right off the start, so I'll try that. And we have not upgraded to R81.20 yet, but have plans to do so. Sounds like we need to get that expedited. Thanks.

0 Kudos
emmap
Employee

That looks like Chrome - I believe Chrome (along with Firefox and probably other browsers) maintains its own cert store rather than using the Windows one. So you'll have to import the CA cert into Chrome directly.

0 Kudos
the_rock
Legend

I know for Chrome that's 100% true, not sure about other browsers, though, from all my testing with https inspection, I never had this issue. All I ever had to do was export inspection cert from gateway, move it to test Windows PC and install as part of trusted root, that's it.

Andy

0 Kudos
Quentin_Antrim
Participant

Thanks emmap and the_rock regarding Chrome. So, yes, I just exported the cert from the gateway and installed it to Windows certmgr trusted root store on my test PC and tested initially with Chrome as that is our predominant browser. But that's a good idea for my testing concerning the Chrome cert store. I'll look into that also. Thanks.

0 Kudos
the_rock
Legend

Btw, I attached zip file I was referring to in my last post.

Andy

0 Kudos
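
An added example, not part of any post in this thread and not Check Point code: one way to check offline whether the certificate a browser was shown (its "Issued By") was really signed by the CA certificate imported on the PC. It uses the Python `cryptography` package; the helper names `make_cert`, `diagnose` and `demo` are hypothetical, all certificate names and keys are constructed sample data, and the CA key is assumed to be EC.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(subject_cn, issuer_cn, subject_key, signing_key, is_ca=False):
    """Build a constructed test certificate (sample data only)."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    start = datetime.datetime(2024, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signing_key, hashes.SHA256()))

def diagnose(leaf, imported_ca):
    """Relate the certificate the browser was shown to the CA imported on the PC."""
    if leaf.issuer != imported_ca.subject:
        return "issued by a different CA"
    try:
        # Assumption: the CA key is EC, as in the sample data below.
        imported_ca.public_key().verify(
            leaf.signature, leaf.tbs_certificate_bytes,
            ec.ECDSA(leaf.signature_hash_algorithm))
    except InvalidSignature:
        return "issuer name matches, key does not"
    return "issued by the imported CA"

def demo():
    """Run the three cases on constructed certificates; every name is made up."""
    ca_key, new_key, other_key, site_key = (
        ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
    ca_cn = "Example Inspection CA"
    imported_ca = make_cert(ca_cn, ca_cn, ca_key, ca_key, is_ca=True)
    cases = [
        make_cert("www.example.test", ca_cn, site_key, ca_key),   # signed by the imported CA
        make_cert("www.example.test", ca_cn, site_key, new_key),  # same CA name, different key
        make_cert("www.example.test", "Another CA", site_key, other_key),
    ]
    return [diagnose(leaf, imported_ca) for leaf in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

To run it on real files, load the exported gateway CA and the certificate saved from the browser with `x509.load_pem_x509_certificate` (or `x509.load_der_x509_certificate` for DER files) and pass them to `diagnose`.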
