Hello,
Is there an SSL expert in the house?
I was on a PUBLIC WiFi AP yesterday and was shocked to find out my website's SSL from DigiCert was not used. In fact, the WiFi said that my SSL Certificate is coming from Sophos.
Below I will display what I have installed on my website 1. and 2. images of the FAKE SSL from Sophos.
2. FAKE SSL from Sophos that I saw when I went through this Public WiFi AP, it showed that my connection was not secure and my website www.science-ritehemp.com has trouble. I am pasting the images I saw from my iPhone below....
Any idea of what went wrong and how to update things? We absolutely DO NOT have an SSL certificate with Sophos and it also happened on my other website www.science-ritecbd.com
Thank you so much!
Johnathan
Hello,
Thank you for contacting the Sophos Community.
Basically, the Public Network you connected to is using the Sophos Firewall as a proxy and decrypting the connection; since your mobile phone doesn’t have the Sophos certificate installed, the connection isn’t trusted, and thus you get the error.
Regards,
Thank you for trying to simplify the answer. Are you saying that all PUBLIC WIFI APs using the SOPHOS FIREWALL will block all websites without your software/certificate on it?
If you look at the images, you can see that the SOPHOS FIREWALL issued me an SSL CERTIFICATE for the website.
Why did it not work? I need to tell this company that is using the SOPHOS FIREWALL that they have a serious problem.
Please let me know your thoughts.
Thanks,
Johnathan
Hello,
Not only the Sophos Firewall, every router that does Decrypt and Scan, and users who don't install the certificate will cause this. Most likely, the admin incorrectly configured the Wireless for guest access to do that. It isn’t common, but it does happen. Not your issue or your website issue.
Regards,
Hello again,
Thank you. I am trying to digest what you are saying as a simple business owner...
So to be clear, you are saying that when I use my iPhone's safari browser and go to a website like www.science-ritecbd or www.science-ritehemp.com, which have their own SSL from DigiCert which I pay annually for on both sites, all PUBLIC/GUEST WIFI's such as SOPHOS install a certificate on my iPhone in order to use the Wi-Fi, Correct?
In this situation, when I went to go to www.science-ritehemp.com, the SOPHOS firewall did not see that I had an SSL installed on www.science-ritehemp.com, or did not care, and installed its own SSL certificate on my phone. Either way, after the SSL certificate was installed on my iPhone, it still did not allow me to connect to the website. See image below for confirmation that a SOPHOS SSL certificate was installed on my iPhone, which curiously matches my DigiCert's SSL exact dates for start and expiration.
Correct me if I am wrong, but it appears that the SOPHOS Wi-Fi Firewall DID INSTALL an SSL CERTIFICATE and then said it was suspicious and labelled it as fake. It confused itself because my website had an SSL certificate installed from DigiCert, it went and created another one, and said it was IMPERSONATING my website and not secure. Again, look at the images below confirming that a SOPHOS SSL CERTIFICATE, IN FACT, WAS INSTALLED on my iPhone.
Thanks again for trying to articulate this and I look forward to your response.
Johnathan
You can read about this here: Sophos Firewall: HTTPS Decrypt and Scan FAQ
Basically, it is common practice to do this for your own devices. Seems like the Architect of this particular SFOS appliance did not pay attention.
Hi Emmanuel,
Thank you.
I have been trying to understand your statement above. As well, I have done my best to read LuCar Toni's recommendation: Sophos Firewall: HTTPS Decrypt and Scan FAQ
I am still lost as to why Sophos would issue a certificate and not have it accepted by Safari and Google Chrome on my iPhone. It is strange that Safari and Google Chrome don't trust the Sophos Certificate...Do they realize that it is not the real SSL certificate or that it is SELF-SIGNED?
Either way, in the next few days, I will test using a Firefox Browser and also uninstall my AVG Security Bundle and AVG VPN and then re-boot and see if that helps.... I will also run IP Trace Route with my Network Analyzer Lite software on my iPhone both on the Sophos WiFi and 5g from the same location.
I really hope that this is an isolated situation and not going to happen for others trying to access my websites.
Would you be able to use an iPhone and try accessing my websites www.science-ritecbd.com and www.science-ritehemp.com through your own/company's Sophos WiFi Router to see if you get blocked? I would really appreciate this to really narrow the issue down.
Lastly, is there any database I can register on within Sophos to store my trusted SSL certificates?
Here are the results from a few different SSL Tester sites:
https://www.ssllabs.com/ssltest/analyze.html?d=www.science-ritecbd.com
https://www.sslshopper.com/ssl-checker.html#hostname=www.science-ritehemp.com
https://dnschecker.org/ssl-certificate-examination.php
https://www.immuniweb.com/ssl/www.science-ritecbd.com/I8ViGyUq/
Thanks again,
Johnathan
Hello,
So if you want to be more clear about what is happening, the next time you connect to the Hotspot, go to the website and click "visit this website". Then the next screen will most likely be a "Stop. This website is blocked." and the reason, or an SSL connection dropped, or a warning certificate if the site loads.
You’re going far and above for a simple proxy issue; I recommend you reach out to a consultant to explain what is happening, as you’ll be investing a lot of time and energy in "solving" something that isn’t in your hands to "solve", not because you can't but because the Administrator of that hotspot is simply blocking access to certain website categories and using the Proxy option.
Regards,
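The situation discussed in this thread, as an added example that is not part of any post: a Python check that performs the handshake against the system trust store, as a browser does, and reports whether the certificate came from the expected CA or was re-signed by a decrypting proxy. The function names and the sample certificate fields (CA common names, dates) are constructed for illustration; only the DigiCert and Sophos organization names come from the thread.

```python
import socket
import ssl

def issuer_org(cert):
    """Return the issuer organizationName from an ssl.getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def classify(cert, expected_org):
    """Compare the issuer the client saw with the CA the site owner bought from."""
    org = issuer_org(cert)
    if org is None:
        return "unknown issuer"
    if expected_org.lower() in org.lower():
        return "end-to-end"
    return f"re-signed by {org}"

def probe(host, expected_org, port=443, timeout=5):
    """Handshake using the device's trust store, then classify the issuer."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Succeeds behind a proxy only if its CA is installed locally.
                return classify(tls.getpeercert(), expected_org)
    except ssl.SSLCertVerificationError as exc:
        # Issuing CA is not trusted by this device: the browser warning case.
        return f"untrusted: {exc.verify_message}"

# Constructed samples in getpeercert() format. The proxied copy keeps the
# validity dates and swaps only the issuer, matching what the poster observed.
ORIGIN = {
    "issuer": ((("organizationName", "DigiCert Inc"),),
               (("commonName", "Example DigiCert Issuing CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 23:59:59 2025 GMT",
}
PROXIED = {**ORIGIN, "issuer": ((("organizationName", "Sophos"),),
                                (("commonName", "Example Firewall CA"),))}

if __name__ == "__main__":
    print(classify(ORIGIN, "DigiCert"))   # direct connection
    print(classify(PROXIED, "DigiCert"))  # proxy CA trusted by the device
```

Running `probe()` for the same host on the guest Wi-Fi and on mobile data shows whether the difference comes from the network path rather than from the website.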