This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenPGP - Key not downloadable - Workaround added

Hello Guys,

this is my first question in this forum i hope im in the right section for it.

So i got a Problem with one of MY UTMs. Its a SG125 with Firmware Version 9.510-5.

I setup PGP everything working fine. The Problem is the following button to download the public key is not working properly. I can just press download

then the new window pops up with the offer to download and then if i press it nothing happens.

I have the exact configuration at another firewall there it is working just fine overthere. Things i have tried is to reset the Email Encryption system and reboot the system.

Ofcourse i can get the keys from /var/storage/chroot-smtp/.gnupg/ but i´d like to know why it isnt working as my other utm.

Thanks for your help

Jason



This thread was automatically locked due to age.
Parents
  • Hallo Jason and welcome to the UTM Community!

    This is most likely a browser issue.  Try with a different PC/browser.  If that works, delete the cookies associated with this SG and then let us know if that fixed the problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo Jason and welcome to the UTM Community!

    This is most likely a browser issue.  Try with a different PC/browser.  If that works, delete the cookies associated with this SG and then let us know if that fixed the problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hello BAlfson,

     

    i tried it from 2 different PCs and different Browsers no success.

    What i discovered:

     

    The UTM that works Firmware 9.509-3

    The UTM that doesnt work 9.510-5

     

    I now updated to the latest Version and see, now the other UTMs Function doesnt work either. So it has to be something with this 9.510-5 Update.

     

    Cheers - Jason

    Regards

    Jason

    Sophos Certified Architect - UTM

  • Thanks, Jason - I confirm that this is a problem with 9.510.  I'll get a ticket open with Support.

    In fact, the S/MIME download fails identically.

    Cheers - Bob

    UPDATE 40 minutes later: I tested downloads in every place I could think of.  The [Download] button in 'Certificate Management' must use the same code as it fails in the same manner.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    interesting. I hope they fix this. Are they normaly quick in fixing Problems like that or do they need some weeks/month?

    Update Later FYI: The Button at the Certificate Management to download the S/MIME CA Cert works fine in my case.

    Jason

    Regards

    Jason

    Sophos Certified Architect - UTM

  • I rebooted my lab UTM 320 and continue to have the problem on the 'Certificates' tab in 'Certificate Management'.  I have no problem on the 'Certificate Authority' tab.  Did you try the 'Certificates' tab?  I'll add a link to this thread to the case I opened.

    Cheers - Bob
    PS These should be easy to fix.  I hope a 9.511 arrives quickly.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes i also have no Problems in the Authority tab. Every other download in the Section does not work for me it is the same you described above.

    Regards

    Jason

    Sophos Certified Architect - UTM

  • Jason, a feather in your cap!

    Here's a workaround to get the key.  Start by logging in with PuTTy at the command line. (How to use the Putty tool to access the command line)

    1. Run a command as root that outputs the desired key on your terminal.  My example is testuser@domain.com:

    secure:/root # cc openpgp_get_certkey $(cc get_object_by_name emailpki user testuser@domain.com | fgrep "'ref'" | grep -o "REF_[^']*")

    2. Copy the following result into a Windows text editor and save it as testuser@domain.com.pub.asc.

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2.0.9 (GNU/Linux)

    mQMqBFqdplkRCADNKDSKpbiHFg5ucU0/cHtC6w22yGFfof26hiEUFqAGx/dzDmA3
    h13JiHVAPsIuo17a480ocIfSnWRIkXUxr4wNfq46HuFFyJHvya4Yx7VCkxWkPm5W
    g9+pNb13supMd/mZYCS1sW7fokchEIP9XRxEBKbOL+WvQJE3kUuI63u0CfJVziJG
    UGd0qr+iOF90ae4GI6Q1jh5lXJvWUeGCvVHI3Mwxy53c3a+npf0fu0TcxO4wBGg0
    7EsnjdwJ8Hb5t9WyvCdmkdepbHE3qYUS9iKePqaW3ot/aeuit0/hfTvPce5ACy6C
    6kBFLVnFZXWncwhmbQHwM8u4vQbj2biBzkcLAODGPaxzBqJUqJVwFmo72xt/eIg3
    g/w3X/xFfMuzCAC1Uvd9uYCE0ItzzagWeoCxp8nNDfw/+XZXIFdrx7uq8VdgakFF
    kVSFHBA0aSZkNVfXJMQmqR/xQJf9nV7IwMdIftg0ps6vJAyaLEEuSlhMLqa3+UZE
    Km5+XDzktnIHnO7C2h3iemSfFd6Xk6T0hSb2GiM0M2hLNZujyXnU3/hJri4BP5Ap
    657T4rDJ91IEMEesT5twPfo4pj2Pfwpu5I1ek8Pl0KooMs8JtxfYQo43SkK290CT
    JCAuOQmJVNAKYXc+HfHAFwjCgXxSGB6Fq0NYAx0xFSwWB0+SZzAigsua8piEraJE
    ITJRZrNdcu628YuR9skWBakXo6xHfubJJR49CACy5ln+s9B8hYo/J3UnihdMiiEE
    5QOIjADkBf61wSWHdEHFwNCkPOYZ0z6ZRto6IYvX0demCvvEfsNQKhkKL7Sdw2gP
    Dfq/nnYTDntc5z9oH2UAPyliVtbOCvfiOsv6nOlICnGD2nS0b7bWvFFEQIoUwWb1
    xLoj+CJv4MxAu5yVDgPMLF2Rlu5iLSUyIzT7BUCJaIJMbYLXmT41GX2ZOC4x79Gg
    2rf2dV8BaO38T0y78E5XGFPYS4ZCDI+CyciczACnLMYLGD/yw9ls5nFT7heVc6tp
    titcnxKF25eFAGuXVdm7a/4ShYGUcbug9umVbREDI1SkTzAX6+77JK2Lt2OKtCVC
    b2IgQWxmc29uIDxiYWxmc29uQG1lZGlhc29mdHVzYS5jb20+iHAEExELACAFAlqd
    plkCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCHgNW098/INMqbAOCUuI51
    1nBc0i6jhXNYtAc2C6oB8THv5ILdOZuTANkB+MfcggtLGphtvKSypqdNN5gQyLNj
    yvLIhiB0iEYEEBECAAYFAlqdpmQACgkQ5gYBbAIG4HFuSwCeIi9cOd4AXf+NTVI/
    dNVG2Y6y44cAoMfs9eLPB3YacsySgY1ie5ZpBJYJuQINBFqdplkQCADc9qnWo9Ht
    1rlqL70UbQvqsbm4UkUuO7xm+9rnSlECdPthDBX9wiZKj6aKWYsVThDQQtIR1qv2
    fBoLKGrqGS3yKowBX2xIwm/flOQiJ/0LTgXK3dmRIWFMpESK46iSJCtcRGVLFQRX
    tXOW11yJrzt883yk8chKUjBfLVeX5ce6ypsBBJfYq5z7xYQA4qMiEzfbvgSvKD47
    XPGC9TZW+eLEh+BR4dftS8UBPU8rRyVMBF9syALGVMHPcHo5WWdkUDxwTyEWCMn5
    ygM4hZ0LK5IOrRmXIH3cc3H/YeAev0lMVJZ0faY4EeGqzwZJumHYhXsOMgAxA1Yf
    +DxUWV8wF2gnAAQLB/kB3/WirawleBfoCnJIs1cfutGAV/GU/61H+p93reAqOvk8
    ugDCVQqsTBLXO/7npHYG4KYMcMwIdEdA0ZXOleEts3tz0mXYNIQ6qA4txL9cGPY3
    /hnXDDTMAJSbeLjQch5hOtnwoPxitsNEPefdPw8CA1/vqYK11JcuzkrWwEGDpYAA
    pE8jZ+SJ2fepdXpjTm38du6yRbTEh4KEAeIp0rNKsZDp2G4nQ+SezTFewGYk7ypd
    R+gIyNA4nT8zHwKOfsUPcyP2LtxjENyPpdP+uCmtkbLbNCrMGRKVWdlFLGbpuBex
    JvI/qpMQUfpFLY7xrySzvyzRluv4RD7y8kIitbOQiFkEGBELAAkFAlqdplkCGwwA
    CgkQh4DVtPfPyDRsoQDgkwvj89OIwdWcYS9q32zTgZJ+Ro6CHnDG6bfJlgDfcFEy
    6xqvXOpOE0IIH6gRey7jsawhGshaj+PPvw==
    =Fo30
    -----END PGP PUBLIC KEY BLOCK-----

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob,

     

    Works well thank you. Thats at least some more quick way to get the PubKey

     

    The way i did it in case this doesnt work for another user for whatever reason:

    Login via WinSCP, go to /var/chroot-smtp/.gnupg/ and then Import the pubring.gpg into a program like Kleopatra there i was able to Right klick

    Export public Key to file.

     

    Thanks 

     

    Jason

    Regards

    Jason

    Sophos Certified Architect - UTM

  • Modify a certificate at the command line so that it can be downloaded in WebAdmin in 9.510

    New member Frank, IT posted that the certificate download bug had to do with having parentheses in the name, so I tested the following...

    First, we need to get the REF_ of the certificate we want to rename (my bold):

    secure:/root # cc get_object_by_name aaa user 'testuser' |grep \'x509_cert\'
                          'x509_cert' => 'REF_fiqNWbGvwf',
    secure:/root # cc get_object REF_fiqNWbGvwf |grep \'certificate
                          'certificate' => 'REF_mYjqWiANga',

    Now, change the name (the result of the following would be 0 instead of the REF_ if the command were incorrect):

    secure:/root # cc change_object REF_mYjqWiANga name 'testuser X509 User Cert'
    REF_mYjqWiANga

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA