Sophos not allowing to use certificates in certain webs

Carla 2 months ago

Hi,

When SSL/TLS protection is activated from Sophos Central > Endpoint Protection > Base Policy, I encounter problems to access Public Administration/bank/taxes sites. I know that it's because it is not possible to decrypt their traffic. So I use exceptions. However, to login in some of those pages it is needed to use certificates and, despite having those webs as exceptions, I can't login into them. If I deactivate the SSL/TLS protection I indeed can. I don't want that though.

Even I have added those webs in the Firewall as exceptions of TLS/SSL and certificate analysis.

Can someone help me please? Any idea?

Thanks :)

Updated the tags
[edited by: Gladys at 10:39 AM (GMT -8) on 5 Mar 2024]

Parents

0 Qoosh 2 months ago

Hi Carla,

Thanks for reaching out to the Sophos Community Forum.

May I ask what web browser you are using? If you are using Firefox, I suggest checking the "Firefox and decryption" section of the following article.
- SSL/TLS decryption of HTTPS websites

Let me know if you've excluded the site from decryption under the "General Settings > SSL/TLS decryption of HTTPS websites" or if this has only been done from within the Threat Protection Policy.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Carla 2 months ago in reply to Qoosh

Hi Qoosh ,

It is not Firefox, it is Edge or Chrome. I already read that Firefox works with its own databases.

And answering the other question, I have put it as exception of the policy, in the genereal settings and as global exception too, it doesn't work either.

To resume it, in every exception page that Sophos Central has.

Regards!!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Yogalakshmi 2 months ago in reply to Carla
Hi Carla,

Good day.

Ensure that the policy gets received on the device once you save it. Open the Sophos endpoint self-help tool on the device -> Policy-> check the latest timestamp for network threat protection and Sophos adapter.

Post upon that, you could clear the browser cache once and then try to browse the site again by relaunching the browser.

Also, is the device under EAP? If yes, just for testing, you could remove that from EAP and try the issue.
Yogalakshmi
Sophos Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Sophos User930 2 months ago in reply to Carla

could it be loading resources from other domains? Maybe take a look in the Developer tools at the Network tab and enable the domain column. It might provide some insight.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Sophos User930 2 months ago in reply to Carla

could it be loading resources from other domains? Maybe take a look in the Developer tools at the Network tab and enable the domain column. It might provide some insight.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data