TLS inspection using self-signed certificate not working

Hi,

On a fairly new Azure Firewall Premium setup with network, application, and NAT rules, TLS inspection has been enabled using a self-signed certificate. The document below was followed for implementation.

https://techcommunity.microsoft.com/t5/azure-network-security-blog/building-a-poc-for-tls-inspection...

The CER certificate has been installed on a test system behind the Azure firewall, but the interception does not work.

Any pointers?

Thanks

James

2 Replies

@jameswonderguy 

Any logs and errors for the issue to further explain the case?

@Kidd_Ip
The interception now works. It started working all of a sudden after many days of having installed the .CER certificate on the test system; very strange.

Now, it works as expected (verified on the user PC's browser; the common name shows Azure Firewall Manager CA). However, the firewall application logs do not show whether TLS inspection took place for the user PC. Is there a specific query to be written in order for the firewall to show that? Otherwise, it is impractical to verify.

Thanks
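One way to answer the verification question above, as an added Log Analytics (KQL) example that is not part of this thread and not Microsoft's own guidance: Azure Firewall Premium structured (resource-specific) logs record, per application-rule hit, whether the flow was TLS-inspected. The example assumes the firewall's diagnostic settings send the application-rule category to a workspace using the resource-specific destination table `AZFWApplicationRule`, that the table exposes a boolean `IsTlsInspected` column (confirm the column name against your workspace schema), and uses a constructed sample client address.

```kql
// Added example, not from the original thread. Assumes resource-specific
// Azure Firewall logs (AZFWApplicationRule table) are flowing to this workspace.
// testClient is a constructed sample value: replace it with the test PC's private IP.
let testClient = "10.0.1.4";
// 1) Per-request view: each application-rule hit from the test PC and whether it
//    was TLS-inspected. On an inspected HTTPS flow, TargetUrl carries the full URL
//    rather than only the host, which is a second visible sign of inspection.
AZFWApplicationRule
| where TimeGenerated > ago(1h)
| where SourceIp == testClient
| project TimeGenerated, SourceIp, Fqdn, TargetUrl, Action, RuleCollection, Rule, IsTlsInspected
| order by TimeGenerated desc
```

To get a quick pass/fail per destination instead of a row per request, replace the `project`/`order` lines with `| summarize Requests = count(), Inspected = countif(IsTlsInspected == true) by Fqdn, Action`; any FQDN where `Inspected` is zero while `Requests` is non-zero is one the policy is not decrypting (for example because the rule is not an HTTPS application rule with TLS inspection enabled, or the destination is on a bypass list). If the table is empty, check that the diagnostic setting uses the resource-specific destination rather than the legacy `AzureDiagnostics` table.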