This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matt_J
Contributor
‎2019-02-14 02:39 PM
Jump to solution

Inbound SSL Inspection Certificate Issues

I am trying to setup inbound SSL Inspection for the first time for one of our websites we are deploying. 

I am using a Digicert wildcard certificate that is imported on the CheckPoint and installed on the server itself. I have verified the whole cert chain is installed and that it's the same cert on the CheckPoint and the server. 

If I turn on the SSL Inspection rule and run an SSL check from Digicert, SSL Shopper, etc, it comes back with an error saying that it's missing the intermediate cert. If I turn off the rule, it comes back just fine. 

Chrome works fine but some Android apps will not connect due to the intermediate missing. 

I have a ticket open but just curious if anyone else has had this issue before and how to get around it.

This is a Cloudguard AWS instance running R80.10. No load balancing or anything, just straight to a Windows server running Apache. 

Thanks in advance!

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2019-02-14 07:32 PM
Jump to solution

The .p12 file you import into SmartConsole must include all the intermediate certificates as well.

Otherwise, you see the behavior you are describing.

See: Best Practices - HTTPS Inspection 

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
‎2019-02-14 07:32 PM
Jump to solution

The .p12 file you import into SmartConsole must include all the intermediate certificates as well.

Otherwise, you see the behavior you are describing.

See: Best Practices - HTTPS Inspection 

Matt_J
Contributor
‎2019-02-15 05:41 AM
In response to PhoneBoy
Jump to solution

The cert contains the whole chain. Are you saying I need to pack up the standalone intermediate along with the cert in the p12?

cert.png
Preview file
9 KB
0 Kudos
Matt_J
Contributor
‎2019-02-15 06:30 AM
In response to Matt_J
Jump to solution

Nevermind.. That worked! I packed up both the cert and the intermediate in the p12 and that works now. Can't believe I didn't think of that... I guess I assumed it would use the intermediate in the cert itself. 

Thanks!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top