Stop! This website is blocked

Hello everyone, 

Recently i noticed a bunch of tickets regarding the following.

i want to go on facebook, but facebook is blocked.

instead of the blocked page i get Error code: SEC_ERROR_UNKNOWN_ISSUER(firefox) or NET::ERR_CERT_AUTHORITY_INVALID(chrome)

it works fine if i install the sophos certificate.

I understand that the certificate must be pushed to end devices,  however i can not ask guest users to install the sophos certificate. 

I also understand that that this can be secured with a public cert.

This seems so random, as for some customers works just fine, but for others not.

I can not ask 200+ customers to buy a certificate to display a blocked page on guest networks. 

Can anyone advise?

Kind regards,


Added TAGs
[edited by: Erick Jan at 1:48 AM (GMT -7) on 31 Oct 2023]
  • That is expected.  The block page is displayed using a certificate generated from the Sophos SSL CA.
    In essence the browser is saying "I want to go to".
    They get back a page that says "I am and I can prove it because Sophos SSL CA says it is true."
    If the browser has the CA installed it will say "I believe you, lets see the page",  
    If the browser does not have the CA installed it will say "I'm not sure about this, better check with the human"
    Once you see the page, you will see it a block page.

    Alan's reply about passthrough is about the UTM, a different product.  The UTM needs both the CA and also passthrough.