Release of SWA v4.3.9.1 - Mac OS Catalina, iOS 13 and certificate trust changes

We've just started the rollout of version 4.3.9.1 of the Sophos Web Appliance software. This update is a small one, aimed at ensuring compatibility with the new version of macOS, Catalina (version 10.15) and iOS 13.

In Catalina, Apple have updated the criteria that the operating system will enforce when validating TLS certificates. You can find out more information about the change on Apple's website.

We have updated the way that we create certificates for HTTPS decryption so that they are compliant with Apple's new checks. Without this update, devices running the new operating systems might see certificate warnings where they didn't before, and may be blocked from visiting some sites. After updating, this problem should resolve itself without any further action being required.

We have also changed the way that we generate the certificate used for the Admin UI and for end-user notifications and interactions, such as Sandstorm downloads, warn/proceed and time quota usage.

If you have end-users running macOS Catalina and your Web Appliance is using a Sophos-generated UI certificate, those users may begin to encounter certificate validity warnings when interacting with the Web Appliance. To resolve this problem, you should re-generate the certificate. To do this, log in to your Web Appliance, navigate to Configuration > Systems > Certificates, select the UI & Portal certificate tab and click 'Regenerate certificate'.