Captive portal in version SFOS 19.0.0 GA-Build31 is not using specified certificate as admin portal.
Captive portal is using SOPHOS cert which is not correct in my setup. See below images.
Have tried fresh re-install, upgrade removing and re-adding the cert an CA detail - not working.
I am having the exact same issue, this was working correctly before the update to SFOS 19.0.0 GA-Build31. The admin page and user portal are using the correct certificate selected under Admin console and end-user interaction, put the captive portal (port 8090) is using the appliance certificate instead.
Hello Simon Enjamio Gomez,Can you just double check if the default cert from certificate > certificate authorities in installed in the client machine and has the details filled in properly after you updated the firmware ?
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
The certificate is not on the client machine as this is used to ask for authentication on BYOD mobiles which do not have the client cert installed. We are using a LetsEncrypt certificate so that the mobiles are not presented with an invalid certificate. This worked perfectly in 18.5 as the mobiles were presented the captive portal with the LetsEncrypt certificate which they will trust by default.
The admin page and user page both present the LetsEncrypt cert as expected.
EDIT: I have reverted back to SFOS 18.5.3 MR-3-Build408 and the expected behaviour has returned (Captive portal is using LetsEncrypt cert as expected).
Simon, same experience. One migration to version 19 the Sectigo cert is used for Admin and user portabl. Captive portal is using appliance certificate which is not correct.
This is clearly a bug that on upgrade the captive portal is broken. I've rolled back to 18.3 cannot use 19 with this issue.
Hello Simon Enjamio Gomez & Andrew LaingThank you for the clarification that the cert used is let's encrypt, please refer the doc: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/108931/letsencrypt-how-to-in-xg
I am not using a let's encrypt, I have never followed these steps - my cert has always worked seamlessly without the steps in the link above.
Hello Andrew Laing,To address this situation further, please contact Sophos Support. If there are any changes parameters in v19 then those can be address and rectified by support team
Please confirm you will pass this on accordingly.