Certificate is already used in HTTP-based policy

Stanley,

for the point 1, check if the CA is used for the Amin Console under Administration > Admin Settings or in any Business Application Rule (the icon is a 24hours suitecase).

For the point 2, it is not clear to me. Can you explain a little bit better?

Thanks

Hi Stanlyn,

the only way is to delete the certificate from all locations.

Please feel free to create a feature request.

Ian

Ian:

a feature request already exists on it.

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10812132-force-delete-object

This feature was available on UTM9 where when the admin tried to delete an object, the warning window points out where the object is used before deleting it. This is a nice feature that XG misses.

Any FW rules regarding Hosted Webservers with certificates defined?
I once ran into the same issue (and the same warning) when trying to renew certificates.

Hi Luk,

#2 explained.

When making a change to a firewall rule and clicking the "save" button, the systems goes out and validates whether or not the new change can be applied and if validation passes we get the green notification that the save was successful.  My question is this...  Does the validation process "factor in" the rules that are disabled and only validate the enabled rules?

If the disabled rules are NOT factored in the validation process, then we could disable and enable until we found the offending rule...  When troubleshooting, we could also get a lot of rules temporally out of the equation by disabling them.  Note that I'm only talking about troubleshooting an issue that XG is not willing to tell us where the issue is located.

Hope that helps.

Stanley

Hi Ian,

How do you tell where it is being used?  That is where some of the frustration comes from dealing with vague messages.  I spent hours last night and see nothing that clearly points to their locations.  That is why I mentioned it would be extremely helpful if the engineers would add the offending rule or object to its message to the user.  If that were done, it would be easy to locate and fix.

Thanks, Stanley

Hi Luk,

A valid and unexpired Sophos cert is located where you said and I'm not having any issues with it.  I am renewing a GoDaddy multi domain cert and currently it is used by an un-identified object that is preventing its deletion.

Thanks, Stanley 

Stanley,

please share the screenshots.

Regards

Is this what you wanted?

Thanks.

Is this the certificate that you want to delete?