Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 4 subscribers
  • Views 6420 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Config UTM Home 9.6, a lot of Websites and Services dont work, mostly those with let'encrypt CA. Handling of Certificates Problem

Ursula Nürnberg

Hello,

 

I am new with UTM home. I installed UTM 9.6 last week and checking all needed Services, Websites etc I had some errors.

I also checked with Firewall open, (for a short time to verify that thats not the Problem)

Iouldnt reach : VPN to my company ( Lets Entrypt CA), Home banking,  Mei Cloud (Nextcloud with Lets Encrypt CA) My Webserver (Lets Encrypt CA)

Normal https Websites work.

Ther must be a problem in Handling Lets Encrypt Certificates.

What can I do?

Thnx Ursula Nürnberg

 

Kurz noch mal in deutsch:

Als Neuling in Sachen UTM bin ich prompt auf ein Problem gestossen. Ich komme auf einige wichtige Seiten und Webseiten nicht mehr drauf. So unser Webserver, die eigene Cloud, mei  homeOffice Zugang zur Firma (OpenVPN) und Homebanking gehen nicht mehr. Die ersten der Liste sind alle mit LetsEncrypt Zertifikaten. Zu dem gibt es noch Probleme bei Teamspeak, da bekomme ich keinen Connect zu verschiedenen Servern ( welches Zertifikat dort ist weiss ich nicht).

Es sieht so aus, dass Zertifikate von Lets Encrypt nicht richtig gehandelt werden und so keine Kommunikation zustande kommt.

Was kann ich tun?

Ursula Nürnberg

 

 



This thread was automatically locked due to age.
  • 0

    Hallo Ursula and welcome to the UTM Community!

    The German part of your post mentions Teamspeak, so that makes me think it's not just a problem with Let'sEncrypt.  Does doing #1 in Rulz (last updated 2019-04-17) give you any answers?  If not, what about checking for blocks by Web Filtering?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello Bob,

    Intrusion Prevention, Application Control are disabled by Installation wizard.

    As we have UTM at home, we do not have any ADS or DC.

    #1 in Rulz says it must be a routing problem.

    As my english ist not so good, it will take a little time to understand  Rulz #3 to 5.

     

     

    Wieder kurz nochmal in deutsch, das kann ich halt etwas besser.

    Die UTM ist im wesentlichen so wie sie aus dem Installations wizard kam. Intrusion Prevention, Application Control waren dort schon disabled. im dashboard ist Intrusion Prevention, Application Control bei 0.

    Somit sind die Rulz 3-5 abzuarbeiten. Das wird etwas dauern, bin was diese englischen Texte betrifft etwas außer Übung.

     

    Cheers Ursula

  • 0 in reply to Ursula Nürnberg

    Are you using HTTPS inspection (decrypt and scan)?   I suspect that you are, and that UTM is correctly detecting that the remote site did not install an intermediate certificate.   The easiest solution is to turn off HTTPS inspection.

    There are other workarounds available, if you really want to keep HTTPS inspection enabled.   However, HTTPS inspection requires some administrative skill and labor effort, so I recommend leaving it off if you want simplified administration.

  • 0 in reply to Ursula Nürnberg

    Agreed with Doug.  Before working through 3-5, look at the Web Filtering log.  If you need more help, show a picture of the error message you're seeing and copy the line from the Web Filtering log related to it.

    Cheers und mfG - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to DouglasFoster

    how can i turn off https inspections?

     

    Webfilter Globals is tranparent mode

    Webfilter HTTPS is url filtering only

     

    I changed on both tabs a lot, but no success.  i am confused by all that reading and trying and nothing goes better.

    i read online help in both english an german but didn't find out what to do.

     

     

     

     

     

     

  • 0 in reply to BAlfson

    hi Bob

    The error message i got was Timeout (Zeitüberschreitung)

    and i didnt find the matching in Web Protection log. there is no line matching the webside URl , i had tested with.

     

     

    cheers Ursula

     

     

  • 0 in reply to Ursula Nürnberg

    Bitte Ursula, ich hätte gerne ein Bild der Fehlermeldung gesehen.

    MfG - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

     

    das im Firefox. Die Adresse habe ich parallel vom mobile versucht, da gehts. also ist die Seite da

  • 0 in reply to Ursula Nürnberg

    Ich habe kein Problem, weder mit IE noch mit Firefox, und "Entschlüsseln und scannen" ist ausgewählt.  Hast's mit IE oder Chrome probiert?

    MfG - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    IE nicht möglich, bin unter Ubuntu unterwegs. die Seite war vor dem Routerwechsel kein Problem.

    das war mit Chromium Webbrowser.

Unfiltered HTML