General Discussion UTM User Portal Certificate Warning

UTM Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 12 replies
Answers 1 answer
Subscribers 7 subscribers
Views 2144 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM User Portal Certificate Warning

RalBlo over 3 years ago

Hello,
I get the certificate error message when I open the User Portal (UTM 9.705): NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

The certificate is imported in on the computer account in Trusted Root Certificate Authorities.
Is there any solution for this?

RalBlo

This thread was automatically locked due to age.

Parents

0 RalBlo over 3 years ago

I probably figured out why we are getting this NET::ERR_CERT_WEAK_SIGNATURE_ALGORITH error message. The certificates that the UTM issues are issued to SHA1, but it seems that the complete certification chain must be issued to SHA256.
Where can I change this in the UTM?
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 3 years ago in reply to RalBlo

Hi RalBlo,

Thank you for the update.

Run the following command from your UTM as a root to find out WebAdmin certificate details: cc get_object REF_CaSigWebadminCa

Can you provide the screenshot of the error message? Did you import the certificate from the Management > WebAdmin Settings > HTTPS Certificate?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 RalBlo over 3 years ago in reply to FormerMember

The output of the cc get_object REF_CaSigWebadminCa says among other things: Signature Algorithm: sha1WithRSAEncryption.
The certificate has been imported years ago by an external service, but should have been via Management > WebAdmin Settings > HTTPS Certificate.

Here is the screenshot.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 RalBlo over 3 years ago in reply to FormerMember

The output of the cc get_object REF_CaSigWebadminCa says among other things: Signature Algorithm: sha1WithRSAEncryption.
The certificate has been imported years ago by an external service, but should have been via Management > WebAdmin Settings > HTTPS Certificate.

Here is the screenshot.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 dirkkotte over 3 years ago in reply to RalBlo

you should import a new, trusted certificate from your domain ca.

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 RalBlo over 3 years ago in reply to dirkkotte

You mean from our own Windows CA?
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkkotte over 3 years ago in reply to RalBlo

yes. User-Portal is a webserver ... so you can create / use a webserver-certificate.

Mostly i use an IIS to create a domain-server certificate and export this from IIS ... the fastest way.

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 RalBlo over 3 years ago in reply to dirkkotte

Thank you very much, I will try.
Cancel
Vote Up 0 Vote Down

Cancel