This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Expected issuer using Windows root CA

Hello,

I am trying to use my own root CA in XG for HTTPS decrypt and Captive Portal, I have successfully installed the root CA under Certificate Authorities and I can select it for HTTPS Decrypt.

Now I have generated a Signed Certificate from this root CA and uploaded it to the Certificates tab, but it is marked with a red cross saying Expected Issuer but the CA is there with the same name.

My appliance is currently running on 17.5.9.

Thanks.

This thread was automatically locked due to age.

0 Rodrigo Silveira over 4 years ago

Tested with the same certificate files on another XG 310, same issue, tested on a XG 135 running SFOS 17.5.3 and it worked, maybe it is a bug in 17.5.9?
Cancel
Vote Up 0 Vote Down

Cancel
0 Keyur over 4 years ago

Hi Rodrigo Silveira

When you perform the test with different firmware, you have performed the same steps and files for certificate and it works in Mr-3 but not working in MR-9, please correct me if I am missing something.

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 4 years ago
That's strange!

Perform these steps:

delete the certificate

go to advanced shell and type: tail -f /log/*.log | grep certificate

upload the certificate

check from the advanced shell the error you get when you try to upload the file

I am not sure but the error should be in "validationError.log" if I am not mistaken.

Share the result.
Cancel
Vote Up 0 Vote Down

Cancel
0 Rodrigo Silveira over 4 years ago in reply to Keyur

Yes, that's right, I've tested with the same certificate files on a different appliance and an older firmware and it worked.

On XG 310 17.5.9

On XG 210 17.5.3

Same files, same CA.
Cancel
Vote Up 0 Vote Down

Cancel
0 Rodrigo Silveira over 4 years ago

Well... that's weird, I've deleted the certificate and CA from the firewall, uploaded both again and now it worked.

Did nothing different from previous attempts.

Anyway, thank you for the support.
Cancel
Vote Up 0 Vote Down

Cancel