Support Center > Search Results > SecureKnowledge Details
CPUSE Agent fails to establish connection with Check Point Cloud when 3rd party Proxy with SSL Inspection is used
Symptoms
  • CPUSE Agent (sk92449) fails to establish connection to Check Point Cloud.
  • /opt/CPInstLog/DeploymentAgent.log shows:

    cp_verify_certificate: chain level: 0, error: Could not retrieve CRL.
    * servercert: cp_verify_certificate returned: 5
    * servercert: Error - server certificate validation failed!
    * Closing connection #0
    * Error validating peer certificate using CRLs
Cause

Environment: Gaia OS is configured to use 3rd party Proxy with SSL inspection.

3rd party Proxy with SSL Inspection strips the CRL from the certificate presented to the Gaia OS. As a result, the connection to Check Point Cloud fails due to failed CRL validation.


Solution
Note: To view this solution you need to Sign In .