expiration warning Proxy-CA after renew

After we renew the Proxy CA cert on every day the admin receive an email with an expiration warning of the old certificate. 
We can download the right certificate from the UTM for the clients (http_proxy_signing_ca.cer).

Reboot not helps.

It is only a cosmetical bug? How can we resolve this?

 

Thanks Heiko

  • Hi, Heiko, and welcome to the UTM Community!

    At least one other person has reported this here, so I suspect it's a bug.  Before 9.5, there were no such warnings.  If you examine the Proxy CA, I think you'll see that it expires in 2038.

    A support ticket would not be inappropriate.

    Cheers - Bob

  • In reply to BAlfson:

    Hi Bob,

    thank you for reply and your answer. Expiration after the renewal is in 2020. Because the customer didn't have a Support contract, we cannot open a Service request. Had called to Sophos Germany already. I think, we have to wait.

    Kind regards Heiko

  • Definitely a bug, i have the same issue on several UTMs

  • In reply to KennethHolmqvist:

    Thanks Kenneth,

    many thanks for your answer.

    if it is a cosmetical bug only, it's not a big problem. The CA expiration time will be in about 14 days. Question is, what really will happens. The Proxy will works fine after this date or not.

     

    Cheers Heiko

  • In reply to hschoene:

    Mine is in 30 days, I don't think it will matter i my case since i don't do any SSL MITM/intercepting in the webproxy. I do only use HTTPS URL Filtering

  • In reply to hschoene:

    Just to be clear, guys, we're talking about the Proxy CA ("Signing CA") downloaded from the 'HTTPS CAs' tab in 'Web Filtering >> Filtering Options' - right?

    I can't believe that doesn't show 2038...

    Cheers - Bob

  • In reply to BAlfson:

    Yes, we are talking about the Proxy CA and it is valid for three years from time of creation.

     

    I have the same behaviour on several machines (getting expiration warnings after having recreated the CA).

     

    I belive it's cosmetical but a bug.

     

    BR,

    Michael

  • In reply to firmwareking:

    Cheers - Bob

  • In reply to BAlfson:

    Try to create a new one...

    Guess your certificate has been created with 6.x or 7.x. Things changed since...

    BR,

    Michael

  • In reply to firmwareking:

    Generated in 2012 with 8.3, but I see that the behavior has changed - interesting!

    Cheers - Bob