Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLS decryption issue explanation for beginner

David Kucera

Hello,

I am converting our customers from primitive FWs to Sophos XGS's and testing TLS decryption.

Would anyone be so kind to walk me through what is happening in specific case below:

Setup: TLS enabled, any of default profiles, Sophos CA as trusted on client computer.

Website: https://www.pentahospitals.cz/  (Czech private hospital group)

Error in logs: Blocked due to invalid TLS certificate

What is the reall cause for the error here? Does this mean that I need to exclude possible loads of websites with similar configurations?

Thank You!



This thread was automatically locked due to age.
  • +1

    Hello!

    David Kucera said:
    What is the reall cause for the error here?

    The certificate chain for this website is invalid, you can find more information about this at SSL Server Test: www.pentahospitals.cz (Powered by Qualys SSL Labs).

    David Kucera said:
    Does this mean that I need to exclude possible loads of websites with similar configurations?

    It's not that common for this to happen, but since the server main "#1" certificate is valid, you can create an exception for "pentahospitals.cz".

    Also, if you create an exception for "pentahospitals.cz", it also works as a wildcard, meaning all subdomains will also be exempt.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 7900 + Mellanox ConnectX-3 (KVM) v21.5 GA @ Home

    Sophos ZTNA (KVM) @ Home