In Sophos UTM 9.5, a new feature is introduced to send a notification alert when any of the certificates present on the UTM appliance are within 30 days of expiry. This notification will look similar to the following:
1 certificate(s) will expire within the next 30 days: Proxy CA
--
System Uptime : 0 days 12 hours 12 minutes
System Load : 0.35
System Version : Sophos UTM 9.500-9

Please refer to the manual for detailed instructions.
Proxy CA in the above example is the name of the certificate in question.
For a manually imported verification Certificate Authority (CA), the name in the notification may not be enough to identify the certificate immediately. This notification triggers if any of the certificates within the UTM's certificate store are within 30 days of expiry, regardless of whether the certificates are in use by the current configuration.
Applies to the following Sophos products and versions: Sophos UTM
In many cases, no action is required in response to this notification, for example if the certificate is no longer in use, has been replaced by an external CA, or has been regenerated.
The first action is to try and identify the certificate:
If the certificate is still not identified then it is likely that no action is required. However, the following process can be used to identify the cause of the alert:
2017:05:10-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - certificate REF_CaMatCukLghXvygo2 will expire
2017:05:10-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - notified about 1 certificates, which will expire
cc get_affected_objects REF_CaMatCukLghXvygo2
Contact Sophos Support if the certificate is still unidentified.
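When several certificates are flagged, the log-to-command step above can be scripted. The following is an added example, not part of the Sophos article: the sample log and the second REF_ value are constructed, and the log file is passed in by the caller because the article does not name its location.

```shell
#!/bin/sh
# Added example: pull certificate object references out of
# notify_expiring_certs.pl log lines and build the matching lookup commands.

# Constructed sample input in the format shown in the article. The reference
# REF_CaExampleConstructed is invented for illustration.
SAMPLE_LOG='2017:05:10-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - certificate REF_CaMatCukLghXvygo2 will expire
2017:05:10-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - certificate REF_CaExampleConstructed will expire
2017:05:10-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - notified about 2 certificates, which will expire
2017:05:11-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - certificate REF_CaMatCukLghXvygo2 will expire'

# expiring_refs: read log text on stdin and print each distinct REF_ once.
# Only "certificate REF_... will expire" lines match; the "notified about"
# summary line and unrelated daemons are ignored.
expiring_refs() {
    sed -n 's/^.*notify_expiring_certs\.pl: INFO - certificate \(REF_[A-Za-z0-9_]*\) will expire.*$/\1/p' |
        sort -u
}

# lookup_commands: read log text on stdin and print one
# "cc get_affected_objects" command per flagged reference.
# The commands are printed for review, not executed.
lookup_commands() {
    expiring_refs | while IFS= read -r ref; do
        printf 'cc get_affected_objects %s\n' "$ref"
    done
}

# Usage: pass a readable log file as the first argument,
# or run with no arguments to process the constructed sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    lookup_commands < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | lookup_commands
fi
```

Repeated daily alerts for the same certificate collapse to a single command, so the output is the list of objects still to be checked.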