Sophos Endpoint

Discussions Enpoint - Threat Detection - SSL inspection active - invalid date

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Verified Answer
+1 person also asked this people also asked this
Locked Locked
Replies 11 replies
Subscribers 20 subscribers
Views 8340 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enpoint - Threat Detection - SSL inspection active - invalid date

JustinMilne 8 months ago

Leap year bug guys?

Seeing more and more reports of Browser warning NET:ERR_CERT_DATE_INVALID

its the Sophos Endpoint RSA Root with a date of 1/1/1601

Meaning its the SSL/TLS Inspection feature - turn it off and the problem goes away...

Ouch!

This thread was automatically locked due to age.

Top Replies

JustinMilne 8 months ago +4 verified

And the KB Advisory: Endpoints fail to decrypt root certificate after a reboot (sophos.com)

Parents

+1 JustinMilne 8 months ago

And the KB Advisory: Endpoints fail to decrypt root certificate after a reboot (sophos.com)
Cancel
Vote Up +4 Vote Down

Cancel
0 Eva Rowe 8 months ago in reply to JustinMilne

this worked for us
Cancel
Vote Up 0 Vote Down

Cancel
0 colly72 8 months ago in reply to Eva Rowe

We're having issues even though it's disabled in policy, particularly for devices on wifi and not our wired network. Disabling in the threat protection policy and rebooting the device doesn't resolve the issue in these cases
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 colly72 8 months ago in reply to Eva Rowe

We're having issues even though it's disabled in policy, particularly for devices on wifi and not our wired network. Disabling in the threat protection policy and rebooting the device doesn't resolve the issue in these cases
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Maxim-Sophos 8 months ago in reply to colly72

It could just be a timing issue - policy has to have time to refresh after changing it in Central. The knowledgebase article has been updated to reflect this.
Cancel
Vote Up 0 Vote Down

Cancel
0 David Thomson 8 months ago in reply to Maxim-Sophos

Early Friday morning I turned SSL/TLS decryption back on in Central - an hour or so later clients started reporting the issue. I updated their endpoints but it made no difference, so SSL/TLS is off again.

This reminds me of the expired intermediate certificate issue in 2020. Different issue - same lack of attention to detail.
Cancel
Vote Up 0 Vote Down

Cancel