This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue Android Devices after regeneration Web filter CA

Hello,

i had to regenerate the HTTPS Proxy CA to get the 2048bit File for MacOs Catalina. I installed the local .pem File under Verification CAs and redeployed the Files to my other devices again.

Windows / Mac is working fine, no ssl / untrusted errors, surfing with Transparent Proxy works fine :)

The issue what have now is with my Android phones, i installed the new Certificates there, installed for VPN / Apps and again for WLAN the Certificates, but when

opening websites i get untrusted errors ....

Then i went to Web Protection - Filtering Options - Exeptions and added for this devices Skip SSL scanning, Skip Certificate trust check, and Skip Certificate date check

to avoid the SSL errors when surfing.

unfortunately when skipping SSL scanning, the Devices are not protected..

Does someone else get this somehow to work on Android?

 

Thx



This thread was automatically locked due to age.
Parents
  • Hello Sally,

    Thank you for contacting the Sophos Community!

    How are you installing the certificate for the Android users?

    Did users access the User Portal?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hello Emmanuel,

    Thank you for your reply. I did not enable the user portal first to provide the certs, I installed the Certificates manually as I did on Windows and Mac. As you mentioned in your Reply the User Portal, I took out the Exceptions under Filtering Options, I enabled the User Portal – Accessed via Phone the Portal under Web Filtering - Import CA I choose there the File. And only there I get the Message to Trust the CA (did not get this when I installed manually the Files)

    After the import was done it works with Firefox Mobile on Chrome I get Authority Invalid ERR_Cert, with Firefox all Sites can be accessed without SSL / Untrusted errors. Tried afterwards to download the Eicar Test File and get blocked by the Webfilter, how it should be :)

     

    Thanks a Lot for your Help!

    Have a great weekend

     

    Best regards

    Sally

  • Short Update on this. I had to reinstall my Android Phone new. Android Version 10. After Install i enabled the Portal and tried to import the CA File via Firefox Mobile Version 79.0.5 what is not working with this version. Then i downgraded Firefox to Version 68.11.0 and tried again to import the CA, this time i get correctly the Options Trust to identify websites and Trust to identify email users check boxes offered, and when approved valid message that ca has been imported. After that when upgrading back to Firefox Mobile Version 79.0.5 SSL Inspection is working correctly, no https errors..

Reply
  • Short Update on this. I had to reinstall my Android Phone new. Android Version 10. After Install i enabled the Portal and tried to import the CA File via Firefox Mobile Version 79.0.5 what is not working with this version. Then i downgraded Firefox to Version 68.11.0 and tried again to import the CA, this time i get correctly the Options Trust to identify websites and Trust to identify email users check boxes offered, and when approved valid message that ca has been imported. After that when upgrading back to Firefox Mobile Version 79.0.5 SSL Inspection is working correctly, no https errors..

Children