We'd love to hear about it! Click here to go to the product suggestion community
Installing Sophos Client Authentication agent on Mac Catalina, the client is not usable as the "server is not trustworthy"
I am not able to add the certificate der file inside shared folder.
CAA version is 2.0.0, downloaded from XG v18 Client Authentication menu
In reply to rfcat_vk:
Do you have the issue with 17.5.9 only with Catalina or also with earlier versions?
In reply to Sivu:
I only have issues with mail scanning on Catalina, HTTPS scanning works. I am still investigating my iPhone https scanning, the iPad works with https scanning.
I have been concentrating on getting an v18 EAP box working.
I was referring exclusively to the Authentication Agent, if there are any issues authenticating against different XG versions from different macOS versions.
I don't use the authentication agent. I made the wrong assumption about the abbreviation CAA, my apologies.
Hi, i have the issue with catalina in 17.5.6 and 17.5.9. With macOS Versions lower Catalina there is no problem with the Auth Agent.
In reply to 4ng3er:
I shared the XG connection and he identified the issue. It is a known bug and will be fixed. Stay tuned!
So that we are all on the same page: there are 2 issues happening at the moment.
1. The CAA installer on macOS Catalina does not work, because the certificate cannot be drag-and-dropped inside the Shared folder. As a workaround, one can use Finder to manually copy the .der file into Shared folder.
2. Some macOS and XG setup combinations have a trust issue, meaning the user will see an error message "Server is not trustworthy!" after which the CAA terminates.
As of now, Catalina works with v17.5 and v17.5.9, but does not work with v18. Therefore I assume you are having issue no.1 and not 2. Is this correct or are you referring to no. 2 ?
Client Authentication Agent.zip
lferrara and everyone else, the macOS agent is fixed and will be released in the upcoming days, after some more testing. I've also attached it here in case someone needs it earlier.
Thanks everybody for the detailed reports of the issue. Reference ID is NC-51749.
I download the CAA and trying to execute it, same error arises....
In reply to lferrara:
I am here to provide more logs. Let me know via PM. Thanks
Just an update for everyone:
I have been in contact with Sivu and Sophos found the issue and is now working on release a package that works on MAC Catalina 10.15.1.Thanks Sivu for your fast support.
Thank you for staying on top of this.
And I thank you for your support while investigating the issues.
The latest macOS client 2.1.0 is published and publicly available.
It is still not possible to drag-and-drop the certificate using the CAA installer, we have an opened ticket targeting this issue. Due to some restructuring, the resolution to it will probably be delayed.
As a workaround, Finder (without or together with the CAA installer) can be used to put the certificate into the Shared folder. A KB should follow sometime soon.
In case the new App cannot be opened because of the Gatekeeper error "...can't check for Malware", don't worry, we are in the process to notarize the App. Until this comes into effect, right-click on the App icon and click "Open" so that the quarantine flag of CAA is cleared. This needs to be done only once, from there on the App can be launched normally.
I can confirm that works on my MAC 10.15.2.
Thanks Sivu. It was a pleasure to collaborate with you.