Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
We're having issues with some Ring Central pages being blocked. You'll see an error like:
But the certificate details look reasonable to me. In the SGX I find:
The certificate in the block message looks the same as the second certificate to me, though the version on the XGS has "GoDaddy.com, Inc." instead of "GoDaddy.com Inc.". I may be misunderstanding this though.
This one seems odd to me. support.ringcentral.com use a different cert than success.ringcentral.com.
Success has a digicert, which seems to be invalid. (see bitmask)
The support works on TLS1.3 and has a valid chain:
And the problem is: If you access "success.ringcentral.com" it will forward you to "support.ringcentral.com".
I assume, they simply forget to replace the certificate on the success.
Try support.ringcentral.com, this one should work. You could create a ticket and explain this to the vendor of the website.
Looking at the Cert, they use for success:
You can also import the CA of the GoDaddy Website, which includes all CAs.
https://certs.godaddy.com/repository/
https://certs.godaddy.com/repository/gd_bundle-g2.crt
And import them as a validation CA. This will fix this for you.
Seems like they use a CA, which is not publicly known to everybody. Sophos XG is not automatically importing each and every CA of every vendor.
__________________________________________________________________________________________________________________
