Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Stop! This website is blocked

Hello everyone, 

Recently i noticed a bunch of tickets regarding the following.

i want to go on facebook, but facebook is blocked.

instead of the blocked page i get Error code: SEC_ERROR_UNKNOWN_ISSUER(firefox) or NET::ERR_CERT_AUTHORITY_INVALID(chrome)

it works fine if i install the sophos certificate.

I understand that the certificate must be pushed to end devices,  however i can not ask guest users to install the sophos certificate. 

I also understand that that this can be secured with a public cert.

This seems so random, as for some customers works just fine, but for others not.


I can not ask 200+ customers to buy a certificate to display a blocked page on guest networks. 

Can anyone advise?

Kind regards,

Dragos



This thread was automatically locked due to age.
  • That is expected.  The block page is displayed using a certificate generated from the Sophos SSL CA.
    In essence the browser is saying "I want to go to pornhub.com".
    They get back a page that says "I am pornhub.com and I can prove it because Sophos SSL CA says it is true."
    If the browser has the CA installed it will say "I believe you, lets see the page",  
    If the browser does not have the CA installed it will say "I'm not sure about this, better check with the human"
    Once you see the page, you will see it a block page.

    Alan's reply about passthrough is about the UTM, a different product.  The UTM needs both the CA and also passthrough.