Certificate is already used in HTTP-based policy

Question

Hi, 
 I'm somewhat a newbie with Sophos and I'm working on a XG-135 that someone else setup that is no longer with the company. I do have a lot of firewall experience, but not with Sophos... I have a few questions... 
 1. When trying to delete a certificate I get this error: Certificate could not be deleted. Certificate is already used in HTTP-based policy. 
 How is the best way to locate the specific policy that it is complaining about? It wouldn't take much for the Sophos engineers to give us the name when it issues the error. It obviously found an item that caused a violation, so why not report it back to us users along with the error it reports... 
 2. With firewall rules that are already in place, if I were to turn them off one by one, would the validation process that occurred in question #1 above still be run. In other words, whether or not a rule is enabled or disabled, would that rule be totally ignored by any validation process? I would hope that if it was disabled (turned off) it would be completely ignored, which would be much easier to troubleshoot. Enable the rule and the issue returns, turn it off and the issue goes away, and bingo you now know what rule to work on... 
 
 Thanks, 
 Stanley

lferrara · Accepted Answer

Unfortunately you cannot. 
 You can export the full configuration and search into xml files.

stanlyn · Answer

Thanks Luk, Using this approach I quickly found the offender with my XML editor. After fixing it I was able to delete the certificate and fix the issue about the HTTP-based policy and another error. I still some work to do, but this allowed the site back up again. Take a look at the screenshot, particularly at 4 pieces of data. 1st is what I searched for "gd md cert", 2nd piece is the data containing what I searched for, 3rd is the "HPPTBased" word in the data and finally the name of the rule that it was in "SLA Exchange OWA" and all from the config export. 
 Thanks for pointing this out...