Does Huntress work with Deep Packet Inspection (TLS/SSL Interception)?

The Huntress Agent communicates over HTTPS (port 443) to the domain. If you use deep packet inspection, also known as TLS/SSL interception, you will need to whitelist/exclude the certificate or the common name (CN) from TLS/SSL inspection. The Huntress Agent uses certificate pinning to verify the domain certificate and will cease communications if presented with an unexpected certificate.

We provide a command line tool, TestHuntressConnection.exe, you can use to test the connection. If this tool is unable to connect to, the Huntress Agent will likely be unable to as well. In addition to writing to the console, the tool will also log to C:\WINDOWS\temp\TestHuntressConnection.log. If the tool is able to successfully connect, it will exit with %ERRORLEVEL% 0, otherwise, it exits with %ERRORLEVEL% 1.

c:\temp> TestHuntressConnection.exe

2019/03/04 19:33:47 - Log file: C:\WINDOWS\temp\TestHuntressConnection.log
2019/03/04 19:33:47 - Tool for testing connection to
2019/03/04 19:33:47 - Updated: 3 March 2019
2019/03/04 19:33:47 - Attempting to connect to
2019/03/04 19:33:47 - Connection Successful.
c:\temp> TestHuntressConnection.exe

2019/03/04 19:42:31 - Log file: C:\WINDOWS\temp\TestHuntressConnection.log
2019/03/04 19:42:31 - Tool for testing connection to
2019/03/04 19:42:31 - Updated: 3 March 2019
2019/03/04 19:42:31 - Attempting to connect to
2019/03/04 19:42:38 - Connection failed
2019/03/04 19:42:38 - ERROR: Certificate mismatch.
        Please see the following for details:
2019/03/04 19:42:38 - For help, please send the log (C:\WINDOWS\temp\TestHuntressConnection.log) to the Huntress Team at

The web browser on one the hosts where the error occurred may help to further identify the issue. Navigate to and click the lock next to the URL to reveal the certificate details. If the details differ from the image below there is likely an SSL Proxy/Deep Packet Inspection device in use. Often times, the device vendor's name will appear in the "Issued By" field.

Still need help? Contact Us Contact Us