This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL ISSUE

Hello all ,

When i open my Sophos firewall admin console web page i got certificate invalid so i looked at the chain which i received

and i found that it is contained of two certificates first is a self sign root certificate ( Default ) and second is the appliance certificate which

is singed be the first certificate ( Default ) due to that i export the root certificate and add it to my trusted CA in the chrome browser

but it doesn't work as i expected i am still got certificate invalid when i open the firewall web console page

so can anyone explain that to me .

Thanks

This thread was automatically locked due to age.

Parents

0 Keyur over 4 years ago

Hi Hesham Mahmoud1

Please refer to the given articles.

https://community.sophos.com/kb/en-us/127287

https://community.sophos.com/kb/en-us/132678

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 Hesham Mahmoud1 over 4 years ago in reply to Keyur

Hi Keyur ,

Many thanks for you but i did already read and understanding those articles so i asked my question why when i import the root certificate ( Default ) which already sign

the appliance certificate to my trusted root CA it doesn't work it is the concept here .
Cancel
Vote Up 0 Vote Down

Cancel
0 Keyur over 4 years ago in reply to Hesham Mahmoud1

Hi Hesham Mahmoud1

Did you try to add the certificate in MMC console?

Please refer the article for the same - https://community.sophos.com/kb/en-us/123048

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
+1 rfcat_vk over 4 years ago in reply to Hesham Mahmoud1

Hi,

are you logging on using the FQDN of the firewall or the IP address. If the IP address you will get that error.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Hesham Mahmoud1 over 4 years ago in reply to Keyur

Yes i did that but still have the same issue
Cancel
Vote Up 0 Vote Down

Cancel
0 Hesham Mahmoud1 over 4 years ago in reply to rfcat_vk

Yes indeed i am using the ip address can you tell me how to use the FQDN of the firewall to check if it work .
Cancel
Vote Up 0 Vote Down

Cancel
+1 rfcat_vk over 4 years ago in reply to Hesham Mahmoud1

Hi,

Use the device name in the CA to create a FQDN using the internal address and do not tick advertise on the internet box.

The above screenshot is from the Network -> DNS tab.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

+1 rfcat_vk over 4 years ago in reply to Hesham Mahmoud1

Hi,

Use the device name in the CA to create a FQDN using the internal address and do not tick advertise on the internet box.

The above screenshot is from the Network -> DNS tab.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Hesham Mahmoud1 over 4 years ago in reply to rfcat_vk

Thank you very much the ip address is causing this problem because i forget to use the CN instead of the ip address when i use the CN it working fine

but without adding FQDN because the firewall is already can mapping the name of the device to the public ip address .
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to Hesham Mahmoud1

Hi,

the reason not to use the external address is you have to enable external access to your firewall which is something you should try to avoid and unless yo u have a static external IP address if your link fails you cannot connect to your XG. This is based on my experiences.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel