Compatibility CAA - Mac Catalina - bug

Installing Sophos Client Authentication agent on Mac Catalina, the client is not usable as the "server is not trustworthy"

I am not able to add the certificate der file inside shared folder.

CAA version is 2.0.0, downloaded from XG v18 Client Authentication menu

 

Regards

  • In reply to rfcat_vk:

    Do you have the issue with 17.5.9 only with Catalina or also with earlier versions?

  • In reply to Sivu:

    Hi Sivu,

    I  only have  issues with mail scanning on Catalina, HTTPS scanning works. I am still investigating my iPhone https scanning, the iPad works with https scanning.

    I have been concentrating on getting an v18 EAP box working.

    Ian

  • In reply to rfcat_vk:

    Hi Ian,

     

    I was referring exclusively to the Authentication Agent, if there are any issues authenticating against different XG versions from different macOS versions.

     

    Sivu

  • In reply to Sivu:

    Hi Sivu,

    I don't use the authentication agent. I made the wrong assumption about the abbreviation CAA, my apologies.

    Ian

  • In reply to Sivu:

    Hi, i have the issue with catalina in 17.5.6 and 17.5.9. With macOS Versions lower Catalina there is no problem with the Auth Agent.

  • In reply to 4ng3er:

    4ng3er,

    I shared the XG connection and he identified the issue. It is a known bug and will be fixed. Stay tuned!

  • In reply to 4ng3er:

    So that we are all on the same page: there are 2 issues happening at the moment. 

    1. The CAA installer on macOS Catalina does not work, because the certificate cannot be drag-and-dropped inside the Shared folder. As a workaround, one can use Finder to manually copy the .der file into Shared folder.

    2. Some macOS and XG setup combinations have a trust issue, meaning the user will see an error message "Server is not trustworthy!" after which the CAA terminates.

     

    As of now, Catalina works with v17.5 and v17.5.9, but does not work with v18. Therefore I assume you are having issue no.1 and not 2. Is this correct or are you referring to no. 2 ?

  • In reply to 4ng3er:

    Client Authentication Agent.zip

     and everyone else, the macOS agent is fixed and will be released in the upcoming days, after some more testing. I've also attached it here in case someone needs it earlier.

    Thanks everybody for the detailed reports of the issue. Reference ID is NC-51749.

  • In reply to Sivu:

    Thanks Sivu.

    I download the CAA and trying to execute it, same error arises....

  • In reply to lferrara:

    I am here to provide more logs. Let me know via PM. Thanks

  • In reply to lferrara:

    Just an update for everyone:

    I have been in contact with  and Sophos found the issue and is now working on release a package that works on MAC Catalina 10.15.1.
    Thanks Sivu for your fast support.

    Stay tuned!

  • In reply to lferrara:

    Thank you for staying on top of this.

  • In reply to lferrara:

    And I thank you for your support while investigating the issues.

    The latest macOS client 2.1.0 is published and publicly available.

     

    It is still not possible to drag-and-drop the certificate using the CAA installer, we have an opened ticket targeting this issue. Due to some restructuring, the resolution to it will probably be delayed.

    As a workaround, Finder (without or together with the CAA installer) can be used to put the certificate into the Shared folder. A KB should follow sometime soon.

     

    In case the new App cannot be opened because of the Gatekeeper error "...can't check for Malware", don't worry, we are in the process to notarize the App. Until this comes into effect, right-click on the App icon and click "Open" so that the quarantine flag of CAA is cleared. This needs to be done only once, from there on the App can be launched normally.

  • In reply to Sivu:

    I can confirm that works on my MAC 10.15.2.

    Thanks Sivu. It was a pleasure to collaborate with you.