SSL inspection for clients connecting from the Internet to the server behind the USG FLEX 500
Hello,
has anyone managed to set up a working SSL inspection for clients connecting from the Internet to the server behind the USG FLEX 500?
I have an IIS server in the local network accessible from the Internet and I'm trying to set up SSL inspection for it.
I uploaded the same SSL certificate to the USG as on the server (Let's Encrypt). In Trusted Certificates I have root and intermediate Let's Encrypt certificates. If I open the certificates, I see "Validation Result=successful".
In SSL Inspection I have a Profile with a Let's Encrypt certificate and the profile is set in the security policy.
If I try to view pages from the server on a client computer browser on the Internet, it reports an error: ERR_CERT_AUTHORITY_INVALID
In the USG log it is: SSL version: 0x0304, CN = xxx.zzzzzzz.cz, cert key = RSA-2048
Can anyone advise me, please?
All Replies
Hi @Kv3
Regarding your description, it seems like you set the SSL inspection to a WAN to LAN policy. Please note that SSL inspection is usually set with a LAN to WAN policy to protect the client's traffic. It is recommended to disassociate the SSL Inspection from the security policy.
Zyxel Melen0 -
I think for SSL inspection to work, the client needs the certificate in their trusted root certification.