Deep Packet Inspection / TLS/SSL Interception / Cert Pinning – Huntress Product Support

Team: Huntress EDR
Product: Your sites firewall, router, DNS, and/or content filtering platforms
Environment: Huntress Management Portal
Summary: If you use deep packet inspection (DPI), TLS/SSL interception, certificate pinning, certificate interception, Acronis DeviceLock DLP, or any type of certificate inspecting service you will need to allow-list/exclude the huntress.io certificate or the common name (CN) huntress.io from TLS/SSL inspection. The Huntress Agent uses certificate pinning to verify the huntress.io domain certificate and will cease communications if presented with an unexpected huntress.io certificate.

We provide a command-line tool, testhuntressconn.exe (updated November 16, 2023), you can use to test the connection. If this tool is unable to connect to https://huntress.io, the Huntress Agent will likely be unable to as well. In addition to writing to the console, the tool will also log to C:\WINDOWS\temp\TestHuntressConnection.log. If the tool is able to successfully connect, it will exit with %ERRORLEVEL% 0, otherwise, it exits with %ERRORLEVEL% 1.

Example successful attempt (trimmed the output to only the important bits)

2023/08/07 11:17:44 - Tool for testing connection to Huntress endpoints
2023/08/07 11:17:44 - Version: 2.1.0 (15 June 2023)
2023/08/07 11:17:44 - Log file: C:\Windows\temp\TestHuntressConnection.log
2023/08/07 11:17:44 - Connection Successful for https://eetee.huntresscdn.com
2023/08/07 11:17:44 - Connection Successful for https://sessions.bugsnag.com
2023/08/07 11:17:44 - Connection Successful for https://notify.bugsnag.com
2023/08/07 11:17:44 - Connection Successful for https://huntress-rio.s3.amazonaws.com
2023/08/07 11:17:44 - Connection Successful for https://huntress-survey-results.s3.amazonaws.com
2023/08/07 11:17:44 - Connection Successful for https://huntress-installers.s3.amazonaws.com
2023/08/07 11:17:44 - Connection Successful for https://huntress-updates.s3.amazonaws.com
2023/08/07 11:17:44 - Connection Successful for https://huntress.io
2023/08/07 11:17:44 - Connection Successful for https://huntress-user-uploads.s3.amazonaws.com
2023/08/07 11:17:44 - Connection Successful for https://eetee.huntress.io
2023/08/07 11:17:44 - Connection Successful for https://update.huntress.io
2023/08/07 11:17:44 - Connection Successful for https://huntress-uploads.s3.us-west-2.amazonaws.com
2023/08/07 11:17:45 - Connection Successful for https://huntresscdn.com

Failure output can vary depending on environmental factors so please contact us if the output from C:\WINDOWS\temp\TestHuntressConnection.log if it doesn't match the above.

The web browser on one of the hosts where the error occurred may help to further identify the issue. Navigate to https://huntress.io and click the lock next to the URL to reveal the certificate details. If the details differ from the image below there is likely an certificate interception device in use. Often times, the device vendor's name will appear in the "Issued By" field.

TestHuntressConnection.exe
4 MB Download
testhuntressconnection2.exe
5 MB Download
testhuntressconn.exe
5 MB Download

Related articles