Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Kavan
Advisor
Jump to solution

https inspection outbound CA certificate step#1

Threat Prevention R80.10 Administration Guide 

When setting up 'https inspection' on a gateway... Step #1: Create and outbound CA Certificate for HTTPS Inspection. Later, I will import this to the other gateways.  Has anyone had a conflict or problem using their company's domain name (DN) ie checkpoint.com in for the outbound certificate DN? Why use your company's DN, why not 'outbound.checkpoint.com' for example just to be safe?   #certificate #outbound #httpsinspection #sslinspection #step1

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

That's what I was trying to say: it really doesn't matter. Smiley Happy

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

For the CA key? It shouldn't matter.

0 Kudos
Daniel_Kavan
Advisor

Is there any disadvantage to just using 'outbound.mydomain.com' for example?    Would it make it any more inconvenient to get to community.mydomain.com for example?

0 Kudos
PhoneBoy
Admin
Admin

When you access a given site with HTTPS Inspection enabled, a new certificate for that site is generated on fly using the exact same DN that the original certificate had.

That certificate is signed by the CA key configured on the Security Gateway.

The DN of the CA key is only relevant insofar as validating who signed the certificate, not the DN accessed by the browser.

0 Kudos
Daniel_Kavan
Advisor

Ok, sounds good.  

However, I still don't see any reason for good or for bad to use/not use the exact DN of my organization.  If I'm going to www.yahoo.com with a cert key of 'checkpoint.com' or 'outbound.checkpoint.com', does it really matter?

0 Kudos
PhoneBoy
Admin
Admin

That's what I was trying to say: it really doesn't matter. Smiley Happy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events