
I have software which runs as a service (Check Point Identity Awareness) which connects to a server and verifies its identity (actually a Check Point firewall) by checking its certificate, like any browser does. The problem is that this software keeps not recognizing the certificate presented by the server, although the certificate chain is present in the computer certificate store, and so in the service certificate store. This triggers a warning message saying that the gateway is untrusted.

To help me debug this issue, is there a Windows event that logs access to the certificate store (reading), so I can see if the software actually tries to check the certificate?

I hope it's clear enough.

thibon
  • View the certificate path in a browser and see if it contains the root certs: view certificate >> details. Or chain the certificates into a single file. – Sum1sAdmin Jun 17 '16 at 10:45
  • I haven't tested this, but I think certificates are stored as registry entries `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates`, you can enable auditing for any registry key or value. The audited access to the keys should then show up in the security event log. You could also use Process Monitor and set a filter on certain registry keys. – Peter Hahndorf Jun 17 '16 at 13:28
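
The registry auditing suggested in the comment above, sketched as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on an English-language Windows install (the `auditpol` subcategory name is localized) and uses event ID 4663, the Security-log event for an audited object access.

```powershell
# Added example: audit reads of the machine certificate store in the registry.
# Key path taken from the comment above; run elevated.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates'
$start   = Get-Date

# 1. Enable the "Registry" object-access audit subcategory (off by default).
auditpol /set /subcategory:"Registry" /success:enable /failure:enable | Out-Null

# 2. Add an audit (SACL) entry: log read access by anyone, on this key and subkeys.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rule = New-Object System.Security.AccessControl.RegistryAuditRule(
    $everyone,
    [System.Security.AccessControl.RegistryRights]::ReadKey,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl = Get-Acl -Path $keyPath -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# 3. Reproduce the failing connection now, then press Enter to collect events.
Read-Host 'Trigger the certificate check, then press Enter' | Out-Null

# 4. Pull 4663 events since $start and keep those that touch the store.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $start } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $d = @{}
        foreach ($item in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $d[$item.Name] = $item.'#text'
        }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Process = $d['ProcessName']
            Object  = $d['ObjectName']
            Access  = $d['AccessMask']
        }
    } |
    Where-Object { $_.Object -like '*\SystemCertificates*' } |
    Sort-Object Time |
    Format-Table -AutoSize -Wrap

# 5. Clean up: this audit rule is noisy, so remove it once the trace is captured.
$acl = Get-Acl -Path $keyPath -Audit
$acl.RemoveAuditRule($rule) | Out-Null
Set-Acl -Path $keyPath -AclObject $acl
```

If the service's process name never appears in the `Process` column while the warning is reproduced, the software did not read this store during the check.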

0 Answers