warning page access to web console admin sophos xg

Hi all,

Today I need to understand something about Sophos certificates.

Just at the beginning of the year it was impossible for me to access the administration console of Sophos, so I emptied the browser cache; then I was able to authenticate myself on the warning page of the console.

I discovered that the certificate for access to the admin console expired on 01/01/2023.

So, as you can see in the captures, I have two lines in the Certificates tab.

The second line, I know, is the expired certificate, but the first I don't know.

But in the first capture it redirects me to "appliancecertificate" and it does not redirect me to "certificat" (which is expired).

1- I don't understand this.
2- How can I correct this situation (warning page on access to the webadmin console)?

Thanks


  • Hi all,

    I asked why "ApplianceCertificate" is selected, but I still have "certificat admin console certificate has expired or is not yet valid"

    and "ApplianceCertificate" is valid until 01-01-2037.

    The other certificate, which is deployed, expired on 01-01-2023.

    When I did my research, I found the built-in certificate "ApplianceCertificate" is issued by another FW.

    So in the past there was an HA primary-slave pair, and the primary broke down, then it was replaced by a newer one.

    Then the slave one was reconfigured as primary and works with the certificate of the old FW. That's what I understood.

    Finally, this selected "ApplianceCertificate" is not valid (capture in the first post).

    My questions are:

    1- Can I ignore this built-in certificate?

    2- Then I just add a new certificate and select it for the webadmin console, portal, etc.?

    thanks

  • If the certificate selected by "Admin console and end user interaction" is not valid (for example expired), several parts of the system will fall back to the default, which is the ApplianceCertificate.

    The ApplianceCertificate is really a backup to have the system working. It does not cover the hostname and is not signed by a CA that browsers will recognize; it is also from an internal CA. You might have one originally generated from another box in some scenarios like yours. If you really want, you can go to Certificate Authorities > Default and edit details, then to Certificates > ApplianceCertificate and click the gear to regenerate.

    But what you really need to do is purchase a new certificate from a public CA similar to the one that just expired. Then upload it, and select it.
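
The three causes of a browser warning named in this thread (expiry, a hostname the certificate does not cover, an issuer browsers do not trust) can be checked against an exported PEM file with the `openssl` CLI. This is an added example, not part of the original posts; the function names and `fw.example.test` are constructed, and the sample certificate is generated only so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): list the reasons a browser would warn
# about a certificate. Function names and fw.example.test are constructed.

# cert_warnings PEM_FILE HOSTNAME [WARN_DAYS]
cert_warnings() {
    pem=$1; host=$2; days=${3:-30}

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED"
    elif ! openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "EXPIRES_WITHIN_${days}_DAYS"
    fi

    # -checkhost reports "does NOT match" when no SAN/CN entry covers the name.
    if openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does NOT match'; then
        echo "HOSTNAME_NOT_COVERED"
    fi

    # "openssl verify" prints "<file>: OK" only when the chain ends in a CA
    # from the local trust store; an internal or self-signed issuer fails
    # (an expired certificate fails this check as well).
    if ! openssl verify "$pem" 2>/dev/null | grep -q ': OK$'; then
        echo "CHAIN_NOT_VERIFIED"
    fi
    return 0
}

# Constructed sample: self-signed certificate for fw.example.test, valid 1 day.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=fw.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp"
cert_warnings "$tmp/cert.pem" admin.example.test 30
rm -rf "$tmp"
```

Pass the exported certificate together with the name typed into the browser. A certificate from a public CA also needs its intermediates supplied to `openssl verify` (`-untrusted`) before the last check can pass.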