Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 38 subscribers
  • Views 1006 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to fix error: "Following domain(s) will not be covered by selected HTTPS certificate."

Paul McGinnie

I am trying to get my ActiveSync setup to work across my Sophos XG 18.5.3 MR-3 install.

I follow the recipe found at https://support.sophos.com/support/s/article/KB-000040209?language=en_US

When I try to save the firewall rule mentioned towards the bottom of the article I get an error:

"Following domain(s) will not be covered by selected HTTPS certificate 'My Mail Cert':

1. mail.mcginnie.plus.com"

This would seem to defeat the entire point of the access rule. So I tried creating another certificate using a CSR with some extra SANs, but get the same sort of result - the error denies that the addresses I want encrypted will work properly.

I can see there is one reference to this sort of error here (https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/129866/automated-certificate-renewals-with-waf-and-cloudflare) where this error is suggested to be ignored.

My setup isn't working - is that because of this error or the recipe is incomplete?

Regards,

    Paul McGinnie



This thread was automatically locked due to age.
Parents
  • 0

    This rule now works as it should but still gives the error - the prior failure was due to my error in using a FQDN.
    So the recipe works, but tells you that it won't - so just an front end problem it appears!

    This combined with the the prepopulation of the domains field with multiple SANs in some circustance, but not others means that there are features here that are not being explained or documented correctly.

    Regards,

    Paul

Reply
  • 0

    This rule now works as it should but still gives the error - the prior failure was due to my error in using a FQDN.
    So the recipe works, but tells you that it won't - so just an front end problem it appears!

    This combined with the the prepopulation of the domains field with multiple SANs in some circustance, but not others means that there are features here that are not being explained or documented correctly.

    Regards,

    Paul

Children
No Data
Unfiltered HTML