This article explains how to enable or disable access to sites with invalid certificates when using Decrypt & Scan HTTPS on a firewall rule. The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
An image like the one below will display when browsing to a website with an invalid certificate.
Sophos Firewall allows invalid certificates by default since version 16. This article will explain how to disable or enable the option using the CLI or the Admin Console on the GUI.
set service-param HTTPS invalid-certificate allow
set service-param HTTPS invalid-certificate block
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.