This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature update to Windows 10 Enterprise, version 1703, en-us and Sophos utm 9 console

hi all

we updated our windows 10 computers last week to Feature update to Windows 10 Enterprise, version 1703, en-us and since then are unable to connect to the UTM admin web page from Edge or IE11 but can through Chrome, anyone else had that?



This thread was automatically locked due to age.
Parents
  • Microsoft browsers have become more militant about enforcing certificate integrity.   It is either because (a) your site does not use a CA-issued certificate, (b) your certificate uses SHA1 or some other feature that has been deprecated, or (c) UTM does not supply the intermediate certificate in the downloaded certificate chain for User Portal or Web Admin.

    There latter has been a problem for a long time, but Sophos has felt no urgency about fixing the problem.  Most browsers know that this is a common configuration error, and work around it by using AIA Fetching.   I thought all versions of Microsoft browsers would be in that group, but if not, there are several workarounds to it:   #1 Install the intermediate certificate on the clients that need access.  #2 Use the simple fix, which I think is in a KB article, which installs the intermediate certificate temporarily.  #3 Use the more complex fix which is in one of the forum posts, and uses CC to load the intermediate certificate permanently.  #4 Use a browser that does not complain.

Reply
  • Microsoft browsers have become more militant about enforcing certificate integrity.   It is either because (a) your site does not use a CA-issued certificate, (b) your certificate uses SHA1 or some other feature that has been deprecated, or (c) UTM does not supply the intermediate certificate in the downloaded certificate chain for User Portal or Web Admin.

    There latter has been a problem for a long time, but Sophos has felt no urgency about fixing the problem.  Most browsers know that this is a common configuration error, and work around it by using AIA Fetching.   I thought all versions of Microsoft browsers would be in that group, but if not, there are several workarounds to it:   #1 Install the intermediate certificate on the clients that need access.  #2 Use the simple fix, which I think is in a KB article, which installs the intermediate certificate temporarily.  #3 Use the more complex fix which is in one of the forum posts, and uses CC to load the intermediate certificate permanently.  #4 Use a browser that does not complain.

Children
No Data