

Safari self-signed certificate error: cannot connect to web GUI

Hi all,

 

I have an XG310 cluster with firmware 16.5 and a big problem with my Safari.

After a fresh new installation of macOS High Sierra, suddenly Safari won't connect to the XG web GUI console https://192.168.x.y:4444/

It's a self-signed certificate problem. Even if I enable the trust of the certificate through the Safari two-step process in the web page (as for other HTTPS websites), it continues to ask me, in an endless loop, these two "questions" to enable the trust to the XG web GUI URL address.

In the keychain I enable the trust of the appliance with no luck, and if I enable the trust for everything in that certificate, the URL returns an HTTP 400 error "Bad request".

I know that there are new Safari security policies. I tried to get around them but without success, clearing the cache manually, removing cache.db and so on...

I read here in this community the topic (https://community.sophos.com/products/xg-firewall/f/authentication/90839/safari-can-t-establish-a-secure-connection-to-xg-firewall---chrome-ff-ok) but it was of no help to me.

Any ideas?

The bad request error is weird.

One last thing. The firewall IP address is not "DNS mapped"; there is no name IP record in our DNS system.

I tried to map our firewall IP address to a name in our DNS server (Active Directory domain DNS) and with the name address URL it works...

But I want to access the appliance URL with IP, not with address...

One last thing. My office colleague, same operating system (iMac with High Sierra), has the same exact problem...

 

Any ideas???

 

best regards to all,

 

Simone



This thread was automatically locked due to age.
  • I got the same problem. I submitted a bug report to Apple, and after a bit of troubleshooting with Apple, they suggested that I disable Sophos Security on my Mac.

    After uninstalling Sophos from my Mac, I was again able to connect to web servers with self-signed SSL certificates.

    My firm doesn't allow machines to be unprotected, so for now I'll use Firefox when I need to log in to network units with self-signed certificates.

    While troubleshooting this problem, I tried all the different settings in the Sophos client (version 9.7.4 of Endpoint), but as long as it was installed, Safari didn't work correctly.

     

    Kind regards

    Lars

  • I had the same problem, and have to use another browser too, because you can solve a specific problem by adding the HTTPS website to the whitelist in the Sophos client. But it is not an envisaged scenario when you have to do that every day.