Running 9.715
My HTTPS signing CA cert was due to expire in the next 30 days so I regenerated the cert: Web Protection / Filtering Options / HTTPS CAs / Regenerate
After doing this, internal hosts were not able to retrieve the new cert from http://passthrough.fw-notify.net/cacert.pem; connections time out.
I have done the following but nothing resolves the issue:
1) Uploaded the original cert to the UTM
2) Didn't find any clues in the logs
3) Regenerated another new cert
4) Rebooted
5) Waited overnight for some magic to happen... ;-}
At this point I'm stumped and am looking for help to resolve this.
--Larry
I just rolled back to 9.714 and found the same timeout on http://passthrough.fw-notify.net/cacert.pem, which was not what I was expecting. Turns out that the system I was using to test pulling the new CA cert was routing through a *different* firewall which didn't know anything about Sophos' fw-notify.net...
So, this is clearly a self-inflicted wound. I am sorry to have wasted anyone's time on it.