Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 7 subscribers
  • Views 9348 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

proxy ca cert expire alert ?

colinjmx5

any idea how to fix below, utm is setup for auto updates

 

 

 

1 certificate(s) will expire within the next 30 days:
Proxy CA

--
System Uptime      : 18 days 18 hours 38 minutes
System Load        : 0.07
System Version     : Sophos UTM 9.508-10

Please refer to the manual for detailed instructions.

 

Colin



This thread was automatically locked due to age.
Parents
  • 0

    There have been other threads about this, Colin.  It's the CA used in Web Filtering to allow the Proxy to scan HTTPS traffic.  If you haven't distributed the Proxy CA to your users, just [Regenerate] one on the 'HTTPS CAs' tab of 'Filtering Options'.  You will need to distribute the new CA to any device that uses the old one.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    We dont use the web filtering option so why is this happening ?

    Do we need to enable but not use to allow regen option to be selected ?

  • 0 in reply to colinjmx5

    Those are good questions for Sophos Support - please let us know what they say.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    enabled web filtering and regenerated proxy ca, need to check no alerts over next few days.

    if fixes will disable web filtering

Reply Children
  • 0 in reply to colinjmx5

    I know it's been 2+ years, but did this work? I have a similar situation. I'm getting emails the Proxy CA is going to expire, but from what I can tell Web Filtering is not even turned on. (I inherited this unit, so thanks in advance for any reply.)

  • 0 in reply to Jerry Carter

    Hi Jerry and welcome to the UTM Community!

    The only way I know to address this is with a short-term demo license that lets me turn Web Filtering on to be able to generate a new CA - maybe your reseller can help with that.  Maybe Sophos Support has a better trick.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to Jerry Carter

    Hello Jerry,

    Thank you for contacting the Sophos Community.

    Please check this KB to confirm if the certificate in question is the one that will expire.

    If you don't use that certificate you can ignore the alert, you can turn it off by going to Management >> Notifications >> and untick this 2.

    Additionally, I could provide you with a temporary license if you would like, with Network Protection so you can regenerate the certificate, if you want this, please send me a PM.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Oops!  I know you know this, Emmanuel, but it's the Web Filtering Proxy CA, so he would need a license that enables Web Protection.

    Jerry, you can use Emmanuel's trick to solve your immediate problem, but you won't want to leave WARN-600 unchecked after you solve the Proxy CA expiration problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML