This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forced check on certificate chain used for required TLS negotiation for specific hosts / sender domainsTLS

For secure communication with one of our customers we need to comply with the two following conditions. Is this possible on the Sophos UTM SG450?

 

-         Validate certificate ( There should be a check when sending email using TLS that there is a trust with the certificate chain of the certificate being used)
-         Verify certificate (There should be a check when sending email using TLS that the CN of the certificate matches the MX Host. With some appliances it is also possible to check the CN of the certificate to another predefined value)

 

If I’m correct and from what I've read, the SEA from Sophos supports this, but does the UTM? We’re using the SG450 for sending and receiving e-mail and now one of our customers’ demands these conditions. Is this possible with the UTM and f so, where can this be found?

 

I already imported the root and intermediate certificates under Certificate Authority, but I can't find anything on forcing to check the certificate chain.

 

Thanks in advance!



This thread was automatically locked due to age.
  • As a first impulse, I think this is not possible with the UTM, unfortunately. But this has not to be the last word.

    That would be nice features.

    Best

    Alex

    PS you could try your idea here:

    -

  • Hoi and welcome to the UTM Community!

    I don't think that this is doable, but it's my impression that GDPR doesn't require this.  Please open a ticket with Sophos Support and report back he what you learn.  Send me a private message if you don't think your question is receiving the right attention.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA