Sophos Firewall

Discussions Owned SSL Cert not working in captive portal SFOS 19.0.0 GA-Build31

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
+1 person also asked this people also asked this
Locked Locked
Replies 15 replies
Subscribers 38 subscribers
Views 3858 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Owned SSL Cert not working in captive portal SFOS 19.0.0 GA-Build31

Andrew Laing over 1 year ago

Captive portal in version SFOS 19.0.0 GA-Build31 is not using specified certificate as admin portal.

Captive portal is using SOPHOS cert which is not correct in my setup. See below images.

Have tried fresh re-install, upgrade removing and re-adding the cert an CA detail - not working.

This thread was automatically locked due to age.

0 Andrew Laing over 1 year ago

...
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to Andrew Laing

Hello Andrew Laing,

Under the Administration > Admin and user setttings >

Please check and revert.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Andrew Laing over 1 year ago in reply to Vivek Jagad

Hi Vivek,

The certificate is set to the SSL certificate I have purchased. It is working fine in the ADMIN console but the captive portal is not working.

Furthermore the user portal is using the correct certificate.

The issue seems to be only with the captive portal for user sign on - please investigate and revert.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to Andrew Laing

In that case, use the following KBA: https://support.sophos.com/support/s/article/KB-000036904?language=en_US
It will also help you use a secure cert rather than the error insecure !!

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Andrew Laing over 1 year ago in reply to Vivek Jagad
Cancel
Vote Up 0 Vote Down

Cancel
0 Andrew Laing over 1 year ago in reply to Vivek Jagad

Why would the certificate that I own work fine in the user console and admin portal, I do not want to use the appliance certificate!

There is an issue with the captive portal using the appliance certificate and not the SSL certificate specified, why would it work for the user portal and admin portal?

Please investigate, again I will not use the appliance certificate - this defeats the purpose of an SSL certificate.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to Andrew Laing

So, I just replicated in my test environment: SFVUNL (SFOS 19.0.0 GA-Build317)

Step:1 Created a self signed cert locally:

Step-2 Assigned it under the admin & user settings

Step-3 Ensured the details under the certificate > certificate authorities > default cert is filled properly.

Step-4 downloaded the cert and installed that cert under the MMC > Trusted root certificate under the client machine.

Step- 5 Access the captive portal:

This worked for me, can you check if you have proper details filled under the default cert certificate > certificate authorities and if that default cert is installed in the client machine ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Enjamio Gomez over 1 year ago

I am having the exact same issue, this was working correctly before the update to SFOS 19.0.0 GA-Build31. The admin page and user portal are using the correct certificate selected under Admin console and end-user interaction, put the captive portal (port 8090) is using the appliance certificate instead.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to Simon Enjamio Gomez

Hello Simon Enjamio Gomez,

Can you just double check if the default cert from certificate > certificate authorities in installed in the client machine and has the details filled in properly after you updated the firmware ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Enjamio Gomez over 1 year ago in reply to Vivek Jagad

Hi Vivek

The certificate is not on the client machine as this is used to ask for authentication on BYOD mobiles which do not have the client cert installed. We are using a LetsEncrypt certificate so that the mobiles are not presented with an invalid certificate. This worked perfectly in 18.5 as the mobiles were presented the captive portal with the LetsEncrypt certificate which they will trust by default.

The admin page and user page both present the LetsEncrypt cert as expected.

EDIT: I have reverted back to SFOS 18.5.3 MR-3-Build408 and the expected behaviour has returned (Captive portal is using LetsEncrypt cert as expected).
Cancel
Vote Up 0 Vote Down

Cancel