Notifications of Global Verification CA expiration.

Privet Max and welcome to the UTM Community!

I'm not seeing this problem with 'Digital Signature Trust Co. DST Root CA X3' with any of my clients.  What version of UTM are you on?

Cheers - Bob

Hi!
The version is 9.706-9

I just looked at several clients (spread all across North America) for which I'm in the middle of projects and none has this issue.  Does your UTM have the CA with the following?

Cheers - Bob

The fingerprint is the same

I think you have a legitimate reason to open a case with Sophos Support, Max.  Hopefully, they have a way to replace the built-in CAs without re-imaging and restoring a backup.

Cheers - Bob

Stopped receiving notifications and the certificate is gone from web interface after expiration date.

Thanks for reporting back, Max!

There was a problem with sites using an HTTPS certificate signed by the "ISRG Root X1" CA.  In the Americas, this was fixed on 9/30 and probably on 10/1 in the rest of the world.  My lab in Oklahoma and our UTM instance in AWS were both updated about 22:40, so I suspect your UTM was also updated.

It was still necessary for me to restart the Proxy. You can disable/enable Web Filtering in WebAdmin or run the following command as root:

     /var/mdw/scripts/httpproxy restart

If you're in the Americas and you want to see if your UTM was updated:

     zgrep 'package="cadata"' /var/log/up2date/2021/09/up2date-2021-09-30.log.gz

In the rest of the world, I suspect it would be:

     zgrep 'package="cadata"' /var/log/up2date/2021/10/up2date-2021-10-01.log.gz

Cheers - Bob

Thanks for information!