This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HSTS on Transparent Proxy breaks authentication after Certificate renew

JFS2019 over 4 years ago

Hi. We had to renew the Proxy CA Certificate (Signing CA) because it would run out.

After this users complained that they can not log in to internet.

We use Browser based authentication here which forwards user to something like "https://passthrough.fw-notify.net/static/auth_transparent.html?return=http://google.de/"

Because Certificate changed for https://passthrough.fw-notify.net we had to clear Website Settings in Chrome and Firefox to allow bypassing the certificate warning coming from hsts enabled virtualhost on sophos web protection.

On Internet Explorer it seems to be a Website Setting held in registry.

Is this a Bug or known behavior?

This thread was automatically locked due to age.

0 BAlfson over 4 years ago

Hallo and welcome to the UTM Community!

Did you distribute the new Proxy CA to all of your users? What line do you see in the Web Filtering log when a block occurs from this? What did you clear in Website Settings in Firefox?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel