Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 21567 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SAA Could not validate certificate

TroyCarpenter

In another thread that has not yet been restored at astaro.org:

https://www.astaro.org/gateway-products/web-protection-web-filtering-application-visibility-control/55187-could-not-validate-certificate-saa-will-now-close.html

"I have found a few posts similar with this error message but non of them seem to help.
I installed the Sophos Agent on my local machine (Win 8) and entered my Active Directory credentials, this worked a treat and web filtering was working as expected.
I then restarted the machine and logged back on with the same credentials and I get the error:
Could not validate certificate! SAA will now close
Tried uninstalling / reinstalling etc but the error remains.
Any help please."

I have the same problem.  I noticed when I installed SAA on other computers, it included a certificate import that is NOT happening on this laptop (SAA works on all the other computers I've tried thus far).  I removed all the various certificates that have been downloaded from the UTM since I first installed and tried a reinstall of SAA, but that still didn't do the certificate install phase.  I have tried manually installing various CA certificates from the UTM, but I still apparently haven't found the right one.

What do I need to do to get the right certificate on this laptop?



This thread was automatically locked due to age.
  • 0
    Are you installing with administrative rights on this one computer? Are there any differences between this one laptop and the other computers in terms of permissions or rights?
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    The account is administrator. I also did an explicit "run as administrator". No difference.

    The other machines are all pretty much configured the same way. One difference is that this laptop is a corporate machine which has a great number of corporate certificates in the store.

    Also, on one of the machines that works, I can see my client authentication certificate in the "trusted CA authority" store. However, on the laptop that is NOT working, I cannot get that certificate in that store no matter what I have tried (importing explicitly into the trusted CA store and letting it pick automatically).

    I'm also not sure which certificate it is, so I exported it from the machine that works. I haven't been able to find a place in UTM where I can download a CA certificate that has the same properties.
  • 0
    Do you install the SAA with the .msi or the .exe file ?
    I think one of them don't install the certificate.

    In my side, I distribute the certificate AND install the MSI with GPO
  • 0

    I have the same problem. Anyone has a solution or an idea?

    I've installed the SAA with the exe file, as I did with a lot of other clients.

    Only one client is not working and bringing the same error: Could not validate certificate! SAA will now close.

    Thanks in advance for your support.

    Angelo

  • 0 in reply to angelo_ekz

    Hi Angelo,

    I think you have to install the certificate .pem along with the client authentication agent.

    The certificate can be downloaded from the UTM, the link is at the bottom of the page where you found the client msi file (definitions & user > client authentification).

    Best regards,

    Thomas

  • 0

    I have the same problem.

    The suggested solution is incomplete and does nothing to address the problem if the SAA_setup.exe is the file used to install.

    Please see the below from the help file for an explanation of the files.

    ----------------------------------------------

    Client Authentication Program

    When Client Authentication is enabled, you can download the Sophos Authentication Agent (SAA) here. You can either distribute the SAA manually or have your users download the client from the User Portal.

    Download EXE: Downloads the Client Authentication program including the CA certificate for direct installation on client PCs. This is the same file as can be downloaded from the User Portal.

    Download MSI: Downloads the Client Authentication MSI package. This package is designed for automatic package installation via domain controller (DC) and does not contain the CA certificate.

    Download DMG: Downloads the Client Authentication Mac OS X disk image. This image is designed for installation on client computers having an OS X operating system.

    Download CA: Downloads the CA certificate that has to be rolled out in addition to the MSI package.

    The SAA can be used as authentication mode for the Web Filter. For more information see chapter Web Protection > Web Filtering > Global.

    ------------------------------------------------------------


    So, if anyone has found a solution to the issue of "Could not validate certificate! SAA will now close" please post a solution!

Unfiltered HTML