This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Quentin_Antrim
Participant
‎2023-09-15 09:25 AM

HTTPS Inspection untrusted certificate

I am testing Outgoing HTTPS Inspection on my R81 Internet Firewall with my PC.

I created the firewall CA cert, downloaded it and then imported it into my PCs Trusted Root Certification Authorities.  

When I try to go to a web site using HTTPS, I will get an untrusted certificate issue.  

In this attached example, I am trying https://samsclub.com.   Note the certificate "Issued By" section of the cert.

What is happening, how do I resolve this?

Thanks.

Quentin

Preview file
59 KB
0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2023-09-15 03:01 PM

Why R81 and not R81.20?
Please provide screenshots of exactly what you've configured (sensitive details redacted).

0 Kudos
Quentin_Antrim
Participant
‎2023-09-18 09:18 AM
In response to PhoneBoy

Because we have not upgraded to R81.20 yet, but have plans to do so.  And we do have a non-CheckPoint technical issue currently that affects our R81.20 upgrade timeframe. 

Thanks.

0 Kudos
the_rock
Legend
Legend
‎2023-09-18 09:26 AM
In response to Quentin_Antrim

Happy to send you updated zip file from mgmt server database that you can upload to your current environment (it contains updated cert list). But, just a small disclaimer, dont "shoot" the messenger if something goes south : - (

Though, Im 99.99% sure it would not go bad, as I had given same to people on here before and worked fine.

Im talking about below option in legacy https inspection dashboard (attached doc with screenshots for you)

Andy

 

Preview file
355 KB
0 Kudos
the_rock
Legend
Legend
‎2023-09-16 07:31 AM

Is it same issue on all PCs/browsers? I can tell you that personally, I find R81.20 works wayyy better when it comes to https inspection.

Andy

0 Kudos
Quentin_Antrim
Participant
‎2023-09-18 09:22 AM
In response to the_rock

Well, our main approved browser here is Chrome.  But we also have Edge.  I had not tried Edge as I wasn't considering it to be a browser issue right off the start, so I'll try that.  And we have not upgraded to R81.20 yet, but have plans to do so.  Sounds like need to get that expedited.  Thanks.

0 Kudos
emmap
Employee
Employee
‎2023-09-18 01:24 AM

That looks like Chrome - I believe Chrome (along with Firefox and probably other browsers) maintains its own cert store rather than using the Windows one. So you'll have to import the CA cert into Chrome directly.

0 Kudos
the_rock
Legend
Legend
‎2023-09-18 04:47 AM
In response to emmap

I know for Chrome thats 100% true, not sure about other browsers, though, from all my testing with https inspection, I never had this issue. All I ever had to do was export inspection cert from gateway, move it to test windows PC and install as part of trusted root, thats it.

Andy

0 Kudos
Quentin_Antrim
Participant
‎2023-09-18 09:27 AM
In response to the_rock

Thanks emmap and the_rock regarding Chrome.  So, yes, I just exported the cert from the gateway and installed it to windows certmgr trusted root store on my test PC and tested intially with Chrome as that is our predominant browser.   But that's a good idea for my testing concerning the Chrome cert store.  I'll look into that also.    Thanks.

0 Kudos
the_rock
Legend
Legend
‎2023-09-18 09:30 AM
In response to Quentin_Antrim

Btw, I attached zip file I was referring to in my last post.

Andy

updateFile.zip
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events