This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Change of Sophos XG SSL/TLS Certificates after Apple restricts validity period to 398 Days?

Hi,

Apple recently announced the they will set the highest allowed validity period for all Certificates to 398 Days. Obviously the certificates built in XG are much longer valid. Will there be a change to the certificates in XG to make them valid for Apple Devices after the first September 2020?

I hope that Sophos won't wait with this Fix too long, so that SSL/TLS Decryption will be impossible again in September like it was after the release of the latest iOS last year.

This thread was automatically locked due to age.

0 Dwayne Parker over 4 years ago

FloSupport could you please investigate this and post a offical statement?

Regards Dwayne Parker

_______________________________________________

Sophos XG User
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 4 years ago in reply to Dwayne Parker

I do not understand this process.

First they moved to max 2 825 Days: https://support.apple.com/en-us/HT210176 now they move to 398 Days.

Could they at least get a standard running? I mean, changing this every time / each year is not easy to deal with...

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 FloSupport over 4 years ago in reply to Dwayne Parker

Hey Dwayne,

Let me follow up with the team. Will reply back when I have more info.

Thanks,

Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
+1 FloSupport over 4 years ago in reply to FloSupport

Hi All,

This issue only affects certificates signed by pre-installed Root CAs (Verisign and the like). Sophos will not be affected and are not required to make any changes.

Reference: https://support.apple.com/en-us/HT211025

Thanks,

Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel