Hi everyone!
We are using a Sophos XGS2300 (SFOS 19.0.1 MR-1).
We uploaded a pfx-certificate to the WAF which specifically included only the webserver certificate itself and its intermediate certificate.
But when we check the site with a tool like https://www.ssllabs.com/ssltest/ we see that the server (e.g. the Sophos Firewall) also sends the root certificate, which is not what we want and which we don't see when we check sites like microsoft.com.
Are we correct to assume that this is done by the XGS? Is that intentional? Is there a way to circumvent this?
Thanks!
Best regards,
Markus
Hello,
any news/suggestions on this?
Can someone at least clarify whether this is intentional behavior by Sophos Firewall?
Hi Markus Quirmbach, my belief is that it is expected, as sometimes not sending a complete chain for the CA may fail some of the PCI scan results, but let us take additional input from AttilaKovacs & bobbylam on the same, if they have any additional comments on it.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Hi Vishal_R,
have you heard anything new from AttilaKovacs and/or bobbylam?