This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Expired external S/MIME certificates not highlighted in webadmin and still used for mail encryption

I found 1 article with this topic, written 3 years ago.

UTMgeek´s Answer: 

  Hello CS, 

  We acknowledged the issue and its make sense to highlight those certificate on webadmin to draw quick attention for certificate update. We will explore possibility to add highlighting option in future version. Stay          tuned !

  Saurabh

  proudly Sophos 

It seems nothing changed since.

In my case, the UTM used an outdated Certificate to encrypt, last week.

Sending an email signed with my new Cert doesn´t work, to update the old one.

I deleted the old one  via api and sent a signed mail again. No success. New cert isn´t imported.

In webadmin  "Email Protection/Encryption/SMIME Certificates" it is not possible  to filter anything else Name.



This thread was automatically locked due to age.
Parents
  • Hallo Peter and welcome to the UTM Community!

    I'm not sure what it is you're asking us.  In my system, outdated certs are removed automatically from WebAdmin.  Are you saying that the old cert is still in the database, but just not shown in WebAdmin so that the cert is used even though we don't see it in WebAdmin?  Are you also saying that if you send an encrypted email with a new SMIME cert to the UTM that it doesn't strip out your new cert?

    What do you see with the following at the command line any past the expiration date?

    cc get_objects emailpki smime |grep 'expires'

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo Peter and welcome to the UTM Community!

    I'm not sure what it is you're asking us.  In my system, outdated certs are removed automatically from WebAdmin.  Are you saying that the old cert is still in the database, but just not shown in WebAdmin so that the cert is used even though we don't see it in WebAdmin?  Are you also saying that if you send an encrypted email with a new SMIME cert to the UTM that it doesn't strip out your new cert?

    What do you see with the following at the command line any past the expiration date?

    cc get_objects emailpki smime |grep 'expires'

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data