Validate Server Certificate

Hey guys, reaching out for some much-needed help. Have read similar posts but nothing makes sense to me in them.

I have purchased a certificate as well as created a local active directory certificate server. (All Witchcraft to me)

Have installed them on the sophos XG firewall under Certificates. All working well it appears.

I go to:

Configure -> Authentication -> Servers and set up my SSL/TLS connection to active directory.

Select Test Connection and all is good. 

However, when I select Validate server Certificate I get:

What is the firewall doing here, which server is down or unreachable? Is it my Root CA server that is in Active Directory? Or is it the domain controller? (The CA is installed on a domain member, not on the domain controller.)

Note: Firewalls are not active on the Windows Domain Controller and Domain Members. 

All Active Directory servers and workstations are on the local network. I don't think I am restricting anything on the local network. Or is there a predefined rule that does?

What am I missing here? Any advice would be greatly appreciated. 


Added v19.5 TAG
[edited by: Erick Jan at 9:25 AM (GMT -8) on 8 Feb 2023]
  • And what if you untick the option "validate server certificate" and then click on Test Connection?

    To check further, we can enable debug for the access_server service, enable the option "validate server certificate", and check the logs.
    On the CLI, select option 5. Device Management, then option 3. Advanced Shell.

    1.) To enable/disable debug: service access_server:debug -ds nosync
    2.) To check debug logs: tail -f access_server.log [perform the connection test and fetch the results in the logs]

    Thanks & Regards,

    Vivek Jagad | Team Lead, Global Support & Services 

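The debug log tells you which side dropped the connection; a complementary offline check is to confirm that the certificate validation itself can succeed. The script below is an added example, not from this thread or from Sophos: it uses openssl to build a throwaway lab CA and a domain controller certificate issued by it, then runs the two checks every TLS client performs when "validate server certificate" is on: the server certificate must chain to the CA certificate the client trusts, and the name the client connects with must appear in the certificate's subjectAltName. The hostname dc01.corp.example, the file names and the validate_server_cert helper are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread or from Sophos: reproduce offline what a
# TLS client checks when "validate server certificate" is on, using a throwaway
# lab CA and a DC certificate generated here. All names and paths are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DC_NAME="dc01.corp.example"   # hypothetical FQDN of the domain controller

# Minimal openssl config: a CA extension set, and a server extension set that
# carries the DNS SAN the client will be matched against.
write_config() {
  cat > "$WORK/lab.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[dc_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$DC_NAME
EOF
}

# Issue a lab root CA, a DC certificate signed by it, and an unrelated CA that
# stands in for "the wrong CA certificate was imported on the firewall".
make_lab_pki() {
  write_config
  openssl req -x509 -config "$WORK/lab.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -sha256 -days 1 -subj "/CN=Lab Root CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -new -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$DC_NAME" -keyout "$WORK/dc.key" -out "$WORK/dc.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/dc.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -days 1 -sha256 -extfile "$WORK/lab.cnf" -extensions dc_ext -out "$WORK/dc.pem" 2>/dev/null
  openssl req -x509 -config "$WORK/lab.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -sha256 -days 1 -subj "/CN=Other CA" -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
}

# validate_server_cert TRUSTED_CA SERVER_CERT NAME -> prints "ok" or "fail".
# The same two checks a client performs: chain to TRUSTED_CA, and NAME in the SAN.
validate_server_cert() {
  if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

make_lab_pki
echo "right CA, right name : $(validate_server_cert "$WORK/ca.pem" "$WORK/dc.pem" "$DC_NAME")"
echo "wrong CA, right name : $(validate_server_cert "$WORK/other.pem" "$WORK/dc.pem" "$DC_NAME")"
echo "right CA, by IP      : $(validate_server_cert "$WORK/ca.pem" "$WORK/dc.pem" 192.0.2.10)"
```

The first case passes and the other two fail, which are the two failure modes worth ruling out here: the CA certificate imported on the firewall is not the one that issued the domain controller's LDAPS certificate (for example an older or a different CA from the AD CS server), or the authentication server entry uses a name or IP address that is not in the certificate's SAN. To run the same check against the real servers, export the root CA certificate from the AD CS server as the trusted CA file and fetch the domain controller's certificate with openssl s_client -connect <dc>:636 -showcerts, then pass the name exactly as it is entered in the firewall's authentication server configuration.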