Webadmin Certificate Error NET::ERR_CERT_COMMON_NAME_INVALID

Question

On my windows machine I have installed the "Default" CA as well as the Appliance certificate (which I am also using for SSL/TLS inspection and SSLVPN).

When I try to go to the IP address of the firewall I get this error: NET::ERR_CERT_COMMON_NAME_INVALID

Here are the configs for the Default CA (which I edited with my company info):

/C=US/ST=NY/L=New York/O=<Company>/OU=IT/CN=<FW Internal IP>/emailAddress=<IT Email>

Here are the configs for the Sophos Appliance Certificate:

C=GB/ST=Oxfordshire/O=Sophos/OU=NSG/CN=Sophos SSL CA_MgWOeELjwVbhjqV/emailAddress=support@sophos.com


I'm stuck and not sure what to do! Please let me know what other info is needed to shed some light on this.

This thread was automatically locked due to age.

ThomW · Accepted Answer

Hi. 
 Well The COMMON_NAME_INVALID is an error that you get, when the URL--Hostname you type does not match the Common Name of the certificate. 
 So what you have to achieve that the CN-part in details of the certificate (requester) you use for WebAdmin are the same like you provide in the url. 
 But you provide the IP in the URL. So this could be the problem. 
 When you want to achieve, that you may use the hostname and IP, you have to generate a certificate with alternative names to be able to access the firewall using with multiple names.

ThomW · Answer

Hi Elizabeth Owen . 
 Well it is not possible from the UI as far as I've seen. Comma separation would not do the job as far as I know. 
 With SFOS 18 MR5 there are some modifications within the forms that I've not seen yet.(see Sophos (XG) Firewall v18 MR5 (Build 586) is Now Available - Release Notes & News - Sophos (XG) Firewall - Sophos Community ) 
 But in the documentation the SAN certificates have already been mentioned. (see Generate a locally-signed certificate (sophos.com) ) 
 So check the version of your firewall.

Webadmin Certificate Error NET::ERR_CERT_COMMON_NAME_INVALID

Top Replies