We're having issues with some Ring Central pages being blocked. You'll see an error like:
But the certificate details look reasonable to me. In the SGX I find:
The certificate in the block message looks the same as the second certificate to me, though the version on the XGS has "GoDaddy.com, Inc." instead of "GoDaddy.com Inc.". I may be misunderstanding this though.
This one seems odd to me. support.ringcentral.com use a different cert than success.ringcentral.com.
Success has a digicert, which seems to be invalid. (see bitmask)
The support works on TLS1.3 and has a valid chain:
And the problem is: If you access "success.ringcentral.com" it will forward you to "support.ringcentral.com".
I assume, they simply forget to replace the certificate on the success.
Try support.ringcentral.com, this one should work. You could create a ticket and explain this to the vendor of the website.
Looking at the Cert, they use for success:
You can also import the CA of the GoDaddy Website, which includes all CAs.
https://certs.godaddy.com/repository/
https://certs.godaddy.com/repository/gd_bundle-g2.crt
And import them as a validation CA. This will fix this for you.
Seems like they use a CA, which is not publicly known to everybody. Sophos XG is not automatically importing each and every CA of every vendor.
__________________________________________________________________________________________________________________
