Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate is already used in HTTP-based policy

Hi,

I'm somewhat a newbie with Sophos and I'm working on a XG-135 that someone else setup that is no longer with the company.  I do have a lot of firewall experience, but not with Sophos...  I have a few questions...

1. When trying to delete a certificate I get this error:  Certificate could not be deleted. Certificate is already used in HTTP-based policy.

How is the best way to locate the specific policy that it is complaining about?  It wouldn't take much for the Sophos engineers to give us the name when it issues the error.  It obviously found an item that caused a violation, so why not report it back to us users along with the error it reports...

2. With firewall rules that are already in place, if I were to turn them off one by one, would the validation process that occurred in question #1 above still be run.  In other words, whether or not a rule is enabled or disabled, would that rule be totally ignored by any validation process?  I would hope that if it was disabled (turned off) it would be completely ignored, which would be much easier to troubleshoot.  Enable the rule and the issue returns, turn it off and the issue goes away, and bingo you now know what rule to work on...

 

Thanks,

Stanley



This thread was automatically locked due to age.
Parents
  • Stanley,

    for the point 1, check if the CA is used for the Amin Console under Administration > Admin Settings or in any Business Application Rule (the icon is a 24hours suitecase).

    For the point 2, it is not clear to me. Can you explain a little bit better?

    Thanks

  • Hi Luk,

    A valid and unexpired Sophos cert is located where you said and I'm not having any issues with it.  I am renewing a GoDaddy multi domain cert and currently it is used by an un-identified object that is preventing its deletion.

    Thanks, Stanley 

Reply
  • Hi Luk,

    A valid and unexpired Sophos cert is located where you said and I'm not having any issues with it.  I am renewing a GoDaddy multi domain cert and currently it is used by an un-identified object that is preventing its deletion.

    Thanks, Stanley 

Children