We've Sophos UTM 9 running on SG230, with Firmware Version: 9.600-5
Error Messages: 1 certificate(s) will expire within the next 30 days:
Site-to-Site vpn has 4 active tunnels
We've redeployed Webadmin/User portal certificate, but we find the message will be email to the engineering staff the next morning with the following message "1 certificate(s) will expire within the next 30 days: Proxy CA".
Would appreciate help with this re-occurring message.
The Proxy CA is the root certificate used to impersonate other websites. It is used for all https-inspection and for block/warn on https sites even when https inspection is off.
That certificate needs to be regenerated, because it expires (I think every 4 years).
To minimize downtime, a clever system manager used this process and posted it to this forum:
Dear Douglas Foster,
The info you've sent on the community blog was very helpful and I carried out some of the task you suggested but with a small difference.
The backups are done every evening so I didn't need to worry about doing another backup.
1. I logged onto the UTM and selected Web Protection -> Filtering options -> HTTPS CAs -> Download ->Export as PKCS#12
2. Once the certificate was down loaded I checked the certificate date. If the date showed the certificate was about to expire I carried out step 3.
3. I regenerated the CA, once regenerated I download the certificate and confirm the expire date was extended.
By running this process the problem as now been resolved.
Once again thanks for your input.
Yes. but then you need to push the new root certificate to all your devuces.