This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Expired external S/MIME certificates not highlighted in webadmin and still used for mail encryption

I found 1 article with this topic, written 3 years ago.

UTMgeek´s Answer: 

  Hello CS, 

  We acknowledged the issue and its make sense to highlight those certificate on webadmin to draw quick attention for certificate update. We will explore possibility to add highlighting option in future version. Stay          tuned !

  Saurabh

  proudly Sophos 

It seems nothing changed since.

In my case, the UTM used an outdated Certificate to encrypt, last week.

Sending an email signed with my new Cert doesn´t work, to update the old one.

I deleted the old one  via api and sent a signed mail again. No success. New cert isn´t imported.

In webadmin  "Email Protection/Encryption/SMIME Certificates" it is not possible  to filter anything else Name.



This thread was automatically locked due to age.
Parents
  • Hi Bob,

    i´m late, sorry!

    outdated certs are not removed, cc gives me a long list.(447 certs  starting 2015).

    216 certs expired before 2020.

  • Wow, that has to be a BUG - please get a support ticket open so this can get escalated to the developers!  You might also mention that expired 'Local S/MIME Authorities' continue to appear in WebAdmin with no indication they've expired.

    Schöner Fang, Peter !

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • this is the answer i got in response  of my ticket:

    I apologize for the inconvenience but as I checked in the firewall and consulted further, this is the default behavior of the UTM as of now. It encrypts as long as it matches.
    Sophos currently doesn't support your requested feature but values your input into improving the product to best meet our customer’s needs. You can raise a feature request using http://ideas.sophos.com/ and subscribe the notifications. This would be reviewed by our Product Management Team and would be considered based on various feasibility criteria.
    Please be aware that we cannot guarantee the proposed changes will be made or provide any timelines for the request. Sophos would like to thank you for your time and effort in helping us to build a better product.

    To remediate your issue, you need to manually delete the expired certificates.

Reply
  • this is the answer i got in response  of my ticket:

    I apologize for the inconvenience but as I checked in the firewall and consulted further, this is the default behavior of the UTM as of now. It encrypts as long as it matches.
    Sophos currently doesn't support your requested feature but values your input into improving the product to best meet our customer’s needs. You can raise a feature request using http://ideas.sophos.com/ and subscribe the notifications. This would be reviewed by our Product Management Team and would be considered based on various feasibility criteria.
    Please be aware that we cannot guarantee the proposed changes will be made or provide any timelines for the request. Sophos would like to thank you for your time and effort in helping us to build a better product.

    To remediate your issue, you need to manually delete the expired certificates.

Children
No Data