

Certificate is already used in HTTP-based policy

Hi,

I'm somewhat of a newbie with Sophos and I'm working on an XG-135 that someone else set up who is no longer with the company. I do have a lot of firewall experience, but not with Sophos... I have a few questions...

1. When trying to delete a certificate I get this error:  Certificate could not be deleted. Certificate is already used in HTTP-based policy.

What is the best way to locate the specific policy that it is complaining about? It wouldn't take much for the Sophos engineers to give us the name when it issues the error. It obviously found an item that caused a violation, so why not report it back to us users along with the error it reports...

2. With firewall rules that are already in place, if I were to turn them off one by one, would the validation process that occurred in question #1 above still be run? In other words, whether a rule is enabled or disabled, would that rule be totally ignored by any validation process? I would hope that if it was disabled (turned off) it would be completely ignored, which would be much easier to troubleshoot. Enable the rule and the issue returns, turn it off and the issue goes away, and bingo, you now know what rule to work on...


Thanks,

Stanley



  • Thanks Luk, Using this approach I quickly found the offender with my XML editor. After fixing it I was able to delete the certificate and fix the issue about the HTTP-based policy and another error. I still have some work to do, but this allowed the site to come back up again. Take a look at the screenshot, particularly at 4 pieces of data: 1st is what I searched for, "gd md cert"; 2nd is the data containing what I searched for; 3rd is the "HPPTBased" word in the data; and finally the name of the rule that it was in, "SLA Exchange OWA", all from the config export.

    Thanks for pointing this out...
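The search described in the reply above can also be scripted, as an added example that is not from this thread, from Luk, or from Sophos: walk an exported config and report every rule whose subtree mentions a given certificate, together with the rule's enable/disable status, so both enabled and disabled rules that still reference the certificate show up. The XML below is constructed, and the tag names (FirewallRule, Name, Status, HTTPBasedPolicy, Certificate) are assumptions; the real export's schema may differ, which is why the walker matches on any element's text rather than on a fixed path.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of a config export.  Tag names are
# assumptions; the real schema may differ, so the walker below matches
# on any element's text rather than on a fixed path.
SAMPLE_EXPORT = """<Configuration>
  <FirewallRule>
    <Name>SLA Exchange OWA</Name>
    <Status>Enable</Status>
    <HTTPBasedPolicy>
      <Certificate>gd md cert</Certificate>
    </HTTPBasedPolicy>
  </FirewallRule>
  <FirewallRule>
    <Name>LAN to WAN</Name>
    <Status>Disable</Status>
    <HTTPBasedPolicy>
      <Certificate>gd md cert</Certificate>
    </HTTPBasedPolicy>
  </FirewallRule>
</Configuration>"""


def find_certificate_users(xml_text, cert_name):
    """Return (rule_name, status, path) for every rule whose subtree has an
    element whose text equals cert_name, disabled rules included."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map
    parent = {child: node for node in root.iter() for child in node}
    hits = []
    for elem in root.iter():
        if (elem.text or "").strip() != cert_name:
            continue
        # climb to the nearest ancestor that carries a <Name>: the rule
        node, path, rule = elem, [elem.tag], None
        while node in parent:
            node = parent[node]
            path.append(node.tag)
            if node.find("Name") is not None:
                rule = node
                break
        if rule is not None:
            status = rule.findtext("Status", default="?")
            hits.append((rule.findtext("Name"), status, "/".join(reversed(path))))
    return hits


if __name__ == "__main__":
    for name, status, path in find_certificate_users(SAMPLE_EXPORT, "gd md cert"):
        print(f"{name!r} [{status}] via {path}")
```

Run it against a real export by reading the file into `xml_text`; a disabled rule that still references the certificate is reported the same way as an enabled one, which matches the behaviour Stanley asked about in question 2.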
