
Why don't the SSL certificates work well

Hi, 

 

We got our UTM in January this year.
The installation of the UTM was not a problem.

The user portal worked fine; after installing our certificate, the connection is a secure one.
Now I had a new certificate, because the old one expired a couple of days ago.

I installed the certificate and intermediate certificate on the UTM firewall.
Everything seems to work fine.

However, our technical department uses the web portal as an access point to our network to view some processes 24 hours a day.

Last night I got a message that told me the technical engineer was unable to log on.
The connection to the firewall seems to be untrusted.

I saw the engineer connected with the firewall browser.
So I tested the connection also with my firewall browser and had the same problem.

When I used Chrome or IE there was no problem.

I could help the engineer by making an exception in Firefox to allow the connection to the user portal, so he could do his job.

Now I have to solve this issue.
When I go to an SSL check website, I get the message that the server (our firewall) doesn't send the intermediate certificates.

There I am told this is a problem with Firefox.
Which is exactly what I see: in Firefox it does not work and in Chrome it does.

I also saw that when I install the intermediate certificate into Firefox, the connection is trusted.

So it's also correct that the issue comes from the missing certificate.

My question: How do I get the UTM firewall configured to send the intermediate certificate to the client browser?



  • User Portal and WebAdmin do not send the intermediate certificate, even though they should. This is a long-standing deficiency that I cannot defend.

    However, all known web browsers use a feature called "AIA Fetching" to find missing intermediate certificates, because this is a common configuration problem throughout the internet.

    Assuming you have some specialized software that cannot do AIA Fetching, installing the intermediate certificate on the client device should be a sufficient workaround, as you have reported.

    I have no idea why the problem only appeared when you changed certificates. My best guess is that the intermediate certificate changed, and the old one was cached on your client device but the new one was not.

  • Thanks DouglasFoster,

    Your answer is very clear to me.

    However, the specialized software, as you call it, is Mozilla Firefox. I'm wondering what's so special about this browser?

    As you said, installing the intermediate certificate in the certificate location of Firefox fixed my problem for now.

    The way the UTM acts makes the proper functionality and connectivity of the user portal dependent on the browser,

    which is an unwanted situation.

    Our user portal is the entrance to our network for a couple of guest companies which must make a connection to support the equipment we bought from them.
    As system administrator I have no influence on the systems, browsers and certificates that the engineers of the supporting companies use.

    So the mechanism of automatically sending these intermediate certificates should work properly.

    Is there a way to point Sophos support at this deficiency?

    Best Regards,

    Peter Vroegop
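
The failure discussed in this thread can be reproduced offline. The following is an added example, not part of the original posts and not Sophos code: it builds a constructed root → intermediate → server chain with `openssl` and validates it the way a client does when it has only its own trust store plus whatever the server sent. All names, file names and the `portal.example.test` host are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: root CA -> intermediate CA -> portal certificate.
# All names and files are made up for this example; keys are throwaway.

new_csr() {  # new_csr <dir> <name> <CN>: create a key and a signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_demo_pki() {  # build_demo_pki <dir>
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  new_csr "$d" root "Demo Root CA" &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null &&
  new_csr "$d" int "Demo Intermediate CA" &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null &&
  new_csr "$d" leaf "portal.example.test" &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# chain_validates <trusted.pem> <leaf.pem> [intermediates-sent-by-server.pem]
# Models a client with no AIA fetching and no cached intermediates:
# it can only use its trust store and the certificates in the handshake.
chain_validates() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

PKI=$(mktemp -d)
build_demo_pki "$PKI" || { echo "openssl could not build the demo PKI" >&2; exit 1; }

# Case 1: server sends only its own certificate (the behaviour reported above).
chain_validates "$PKI/root.pem" "$PKI/leaf.pem" \
  && echo "leaf only: trusted" || echo "leaf only: UNTRUSTED (issuer not found)"
# Case 2: server sends leaf + intermediate, the correct configuration.
chain_validates "$PKI/root.pem" "$PKI/leaf.pem" "$PKI/int.pem" \
  && echo "leaf + intermediate: trusted" || echo "leaf + intermediate: UNTRUSTED"
# Case 3: the workaround, with the intermediate installed in the client's store.
cat "$PKI/root.pem" "$PKI/int.pem" > "$PKI/client-store.pem"
chain_validates "$PKI/client-store.pem" "$PKI/leaf.pem" \
  && echo "intermediate on client: trusted" || echo "intermediate on client: UNTRUSTED"
```

Against a live portal, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends, so a missing intermediate shows up as a single certificate in the output.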
