Hi
After Google has updated Chrome, we now have problems accessing websites with SSL.
HTTPS Scanning is enabled on the Sophos UTM and the problem seems to be that Chrome no longer accepts an empty DNS name in the SSL certificate presented in the browser.
Does anyone have a solution to this?
I guess that the best solution would be for Sophos to change the way they generate the "Man in the middle" certificate so that the website URL is listed in the DNS (or SAN) in the certificate.
Anyone?
Kind regards
Karsten Stolten
Ηι
Any update regarding issue ?
Thank you very much for pointing that out!
Hello, I'm just wondering if there is any news on when we might see an update to resolve this issue?
As this is now starting to affect our organisation as well. We managed to stop the updates before our PCs were affected but a number of our Macs have already updated to Chrome 58 and can not get on Google websites and services.
Unfortunately Macs cannot use GPOs, so we have had to advise users to switch to Safari for the time being, but it would be better if Sophos could fix the issue with HTTPS certificate generation on their UTM system.
Thanks,
Dan Jackson (Lead ITServices Technician)
Long Road Sixth Form College
Cambridge, UK.
Hi All,
We have resolved this issue with our latest update
UTM 9.413004
ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.412002-413004.tgz.gpg
MD5: 753ff750ef6785f3f7fa2c97ed9da42c
File size: ~4MB
Regards,
Aditya PatelGlobal Escalation Support Engineer | Sophos Technical SupportKnowledge Base | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'This helped me' link.
HI,
I've applied this and it has NOT fixed the issue unfortunately - exactly the same issue with HSTS enabled sites and Chrome 58 as before.
Disabling SSL inspection is not really a viable option, nor is rolling out a GPO.
Dan
Surely Sophos have had an idea that this was going to cause a problem? Google have had this planned for months from what I can see, so how does a company as big as Sophos not patch their products in good time, to resolve any issue? We shouldn't have to resort to changing group policy settings to implement a workaround.
colly72 said: Surely Sophos have had an idea that this was going to cause a problem? Google have had this planned for months from what I can see, so how does a company as big as Sophos not patch their products in good time, to resolve any issue? We shouldn't have to resort to changing group policy settings to implement a workaround.
To be fair, you can find evidence of this hitting any major filtering provider you care to think of. Its not just Sophos being lazy ;)
Maybe it's a criticism of the industry as a whole then. Still doesn't cover Sophos in much glory.
That's disappointing, and this still didn't work for you after re-generating the cert and deploying it again?