
I have a piece of software which runs as a service (Checkpoint Identity Awareness) which connects to a server and verifies its identity (actually a Checkpoint firewall) by checking its certificate, like any browser does. The problem is that this software keeps not recognizing the certificate presented by the server, although the certificate chain is present in the computer certificate store, and so in the service certificate store. This triggers a warning message saying that the gateway is untrusted.

To help me debug this issue, is there a Windows event that logs access to the certificate store (reading), so I can see if the software actually tries to check the certificate?

I hope it's clear enough.

  • View the certificate path in a browser and see if it contains the root certs (view certificate >> details), or chain the certificates into a single file. Commented Jun 17, 2016 at 10:45
  • I haven't tested this, but I think certificates are stored as registry entries under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates; you can enable auditing for any registry key or value. The audited access to the keys should then show up in the Security event log. You could also use Process Monitor and set a filter on certain registry keys. Commented Jun 17, 2016 at 13:28

1 Answer

```powershell
# Function to add auditing to a registry key
function Add-RegistryAudit {
    param (
        [string]$keyPath,
        [string]$principal = "Everyone",
        [string]$auditPermissions = "ReadKey"
    )
    # -Audit is needed so Get-Acl reads the SACL (audit entries); without it
    # the audit rule added below is not written back by Set-Acl.
    $acl = Get-Acl -Path $keyPath -Audit
    # ContainerInherit makes the rule apply to the subkeys (Root\Certificates\...,
    # CA\Certificates\...) that a chain lookup actually opens, not only the parent.
    $auditRule = New-Object System.Security.AccessControl.RegistryAuditRule(
        $principal, $auditPermissions, "ContainerInherit", "None", "Success,Failure")
    $acl.SetAuditRule($auditRule)
    Set-Acl -Path $keyPath -AclObject $acl
}

# Define the registry key path
$keyPath = "HKLM:\SOFTWARE\Microsoft\SystemCertificates"

# Add auditing (run from an elevated prompt; the Object Access > Registry audit
# subcategory must also be enabled, or no entries reach the Security log)
Add-RegistryAudit -keyPath $keyPath
```
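Once the SACL is in place, the part the question actually needs is reading the resulting events back. The following is an added example, not part of the answer above: it enables the Registry audit subcategory, then pulls Security-log events 4656 (handle requested, which is where failures show up) and 4663 (object accessed) for keys under SystemCertificates and groups them by the accessing process, so you can tell whether the service opened the store at all. It assumes an elevated session; `$processHint` is a placeholder for the service's executable name, which the page does not give.

```powershell
# Added example: verify who reads the machine certificate store after auditing is enabled.
# Assumes: elevated PowerShell, audit rule already set on HKLM:\SOFTWARE\Microsoft\SystemCertificates.
$processHint = 'placeholder.exe'   # assumed: replace with the service's image name

# 1. Turn on the Object Access > Registry subcategory; a SACL alone produces nothing.
auditpol.exe /set /subcategory:"Registry" /success:enable /failure:enable | Out-Null

# 2. Reproduce the problem (restart the service / trigger the gateway connection),
#    then collect the audit events from the last 30 minutes.
$since  = (Get-Date).AddMinutes(-30)
$filter = @{ LogName = 'Security'; Id = 4656, 4663; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# 3. Parse the EventData block of each record and keep only certificate-store keys.
$hits = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data.ObjectType -eq 'Key' -and $data.ObjectName -like '*\SystemCertificates\*') {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            EventId    = $e.Id
            Outcome    = if ($e.KeywordsDisplayNames -contains 'Audit Failure') { 'Failure' } else { 'Success' }
            Process    = $data.ProcessName
            Subject    = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
            Key        = $data.ObjectName
            AccessMask = $data.AccessMask
        }
    }
}

# Which processes touched the store, and how often.
$hits | Group-Object Process | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Detail for the service under investigation: failures here (access denied) point at
# the service account's rights; no rows at all mean it never consulted the store.
$hits | Where-Object { $_.Process -like "*$processHint" } |
    Sort-Object Time | Format-Table Time, EventId, Outcome, Key, AccessMask -AutoSize
```

Read `ObjectName` with the `\REGISTRY\MACHINE\...` prefix that the Security log uses rather than the `HKLM:` form; the wildcard above matches either. Remember to disable the subcategory again with `auditpol.exe /set /subcategory:"Registry" /success:disable /failure:disable` when done, since registry auditing on a busy host is noisy.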
