Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 13983 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering HTTPS - weird issue

MarcusH

Hi,

I'm a home user. I'm having a bit of a strange issue. Every now and then, I can't connect to HTTPS websites due to a certificate error.

Firefox is set to manually use the Proxy. The CA has been imported into the system and into Firefox. HTTPS is set to URL Filtering Only. All users using own internal DNS that forwards to Google.

Every now and then, It'll fail to connect to a page with the below error. Leave it a few minutes, refresh and it's fine.

    Your connection is not secure

    The owner of www.google.com has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.

    This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

    Learn more…

    Report errors like this to help Mozilla identify and block malicious sites

    www.google.com uses an invalid security certificate.

    The certificate is only valid for www.google.com.internal.[mydomain].co.uk

    Error code: SSL_ERROR_BAD_CERT_DOMAIN

Anyone got any ideas? Thanks in advance.



This thread was automatically locked due to age.
  • 0

    Hi,

    Clear the browsers cache completely, restart the browser and tell us if that help? If not, can you show me a screenshot from Web Filtering | Filtering option | MISC tab? 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi,

     

    Sorry for late response, got side tracked.

     

    Cache cleared and issue seems to persist still. Seems to occur in multiple browsers, randomly.

     

    Thanks in advance for your help.

  • 0 in reply to MarcusH

    If you were using HTTPS inspection, the reference to HSTS might be a reason why an exception from HTTPS inspection would be needed.  Even then, I would expect the problem to be consistent.   I wonder if you have a time sync problem that could be causing your certificate problems.   I cannot explain how that would cause your symptoms, but it is something to check.   

    I have had no complaints of your type, now or previously  Currently running 9.506 with many users.

  • 0 in reply to MarcusH

    Please PM the remote support access code to verify the configurations. Refer to, https://community.sophos.com/kb/en-us/121548.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Searching for solutions to this error - This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.  brought me here.

    Web filtering is in transparent mode.
    Https scanning is in Decrypt and scan the following: with the default categories selected.

    I imported the proxy certificate into the pc but was getting the above error in Firefox but not chrome/opera.

    Turns out I missed the requirement about importing the certificate into firefox.

    Issue resolved after this.

Unfiltered HTML