Sophos Firewall: Purging expired certs from Sophos Firewall

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Hello Community,

Thank you to Rico for his contribution.

This issue is related to NC-100265: an expired certificate in the cert cache is used instead of a new one being generated.

The certificate cache (/var/certcache or /sdisk/certcache) contains certificates that awarrenhttp creates the first time a website is visited with HTTPS Decryption. However, awarrenhttp might sometimes keep using the same certificate after it has expired, which causes the browser to complain about an expired certificate.

Workaround:

touch /var/certcache/.clear_all_certs_on_reload
service -ds nosync awarrenhttp:restart


Note: All in-progress web traffic will be interrupted for a minute as the service restarts. Non-web traffic won't be affected.

This is fixed in version 19.0 MR2.




[edited by: Erick Jan at 10:27 AM (GMT -7) on 25 Sep 2023]
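
One way to confirm that the cache really holds expired certificates before applying the workaround, and that it is clean afterwards (an added example, not part of the original post or of Sophos's tooling). It assumes each cache entry is a standalone X.509 certificate file in PEM or DER form, which the post does not document, and that `openssl` is available where the files can be read; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report certificate files under a cache directory that have
# expired, or that will expire within WINDOW_SECONDS.
# Assumption: every cache entry is one X.509 certificate file (PEM or DER);
# anything openssl cannot parse as a certificate is skipped.

# cert_inform FILE -> prints PEM or DER if FILE parses as a certificate.
cert_inform() {
    for fmt in PEM DER; do
        if openssl x509 -in "$1" -inform "$fmt" -noout >/dev/null 2>&1; then
            echo "$fmt"
            return 0
        fi
    done
    return 1
}

# list_expired_certs DIR [WINDOW_SECONDS]
# Prints "path<TAB>notAfter" for each certificate whose notAfter falls
# before now + WINDOW_SECONDS (default 0 = already expired).
list_expired_certs() {
    dir=$1
    window=${2:-0}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # Dot-files such as .clear_all_certs_on_reload are control files, not certs.
    find "$dir" -type f ! -name '.*' | sort | while IFS= read -r f; do
        fmt=$(cert_inform "$f") || continue
        # -checkend exits non-zero when the certificate expires within the window.
        if ! openssl x509 -in "$f" -inform "$fmt" -noout \
                -checkend "$window" >/dev/null 2>&1; then
            end=$(openssl x509 -in "$f" -inform "$fmt" -noout -enddate | cut -d= -f2)
            printf '%s\t%s\n' "$f" "$end"
        fi
    done
}

# Run only when a directory is given, e.g.:  sh check_certcache.sh /var/certcache
if [ "$#" -gt 0 ]; then
    list_expired_certs "$@"
fi
```

Empty output with the default window means no parseable certificate in the directory has expired.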