
XG 18 MR3 uses incorrect certificate in web Warn/block page

Hi,

I found a problem in MR3 (it was working fine in the previous release, MR-1-Build396).

When a user accesses a blocked or warned website,
Sophos just uses the default certificate instead of the selected one, and it is also not issued to a valid firewall host name.

v18 MR1 works fine; it just uses the cert that I configured in the "Admin console and end-user interaction" menu.

SSL interception and the user portal still use the correct certificate.

Screenshot: www.dropbox.com/.../2020-10-19_17-05-13.png



  • You guys all use your own certificate, not the Sophos certificate.
    Is this a CA or a "normal" certificate? Is it a wildcard? Can we try to find a matching pattern?


  • I'm using a cert generated with the XG interface, made out to the host name of the XG.

    The XG interface describes it as a self-signed cert, which I don't feel is accurate because it is actually not self-signed but rather signed by the device CA cert:

  • I'm using a standard wildcard cert, purchased, for the user portal

    and a self-signed CA for HTTPS decryption.

  • FormerMember
    0 FormerMember in reply to Tanapol Euaungkanakul

    Hi,

    Thank you for the update. 

    Did you open a support case for this issue? If not, please open a support case at support.sophos.com to further investigate and PM me the support case number.

    Thanks,

  • Hi, my case number is 03248790, which I opened a long time ago,

    but for some reason I just can't access that case anymore (no permission to view that case) and no longer get any response!

    The last response I got just asked me to read the KB on how to set up SSL, which is unhelpful because I have already configured it correctly.

    P.S. I just opened a new case, ID: 03372707

  • Hi, I just got a response from Sophos and a working workaround.

    According to Technical Support:

    Tanapol,

    This is regarding support case 03248790 and the reported issue with certificate warnings while browsing to Webadmin.

    The screenshots you have provided were helpful in diagnosing the issue; this appears to be a known behavior in the 18.0.3 MR-3 firmware version. After upgrading the firmware to this version, users will need to regenerate and/or remove then re-add their certificates.

    When browsing to [Firewall Domain].com, which is the firewall's webadmin portal, you see your firewall's default SSL certificate and firewall serial number. The firewall is configured not to use this, as observed in the screen showing Admin settings; however, this is expected with this firmware version.

    I tried re-adding my cert + key and now the warn/block pages are working again.

    Please note that my cert is purchased from a trusted CA, which means I have to completely remove my cert from VPN/Portal etc. and delete the cert.

    In my case I also have to delete ALL CAs in the certification path (if any), then re-add them just like when you set it up for the first time;

    re-adding only the cert, without first deleting and re-adding the CAs in the path of that cert, just won't work for me.