Hi
I received an email from my Sophos instance with the subject "[example.com][WARN-600] Certificate(s) will expire"
1 certificate(s) will expire within the next 30 days:Proxy CA– System Uptime : 231 days 21 hours 19 minutesSystem Load : 0.17System Version : Sophos UTM 9.705-3I know the issue is discussed both in this forum and the support KB. However, I do face a problem not addressed in these links.In my Sophosa) "web filtering" is not enabledand b) the page "Web Protection > Filtering Options > HTTPS CAs" suggested in the KB is not "active", ie I cannot click or download any certificateSo my questions are:1) I am going to be affected if this certificate expires?2) How can I check if the certificate will auto-renew, since the page is inactive and I cannot interact with it?
Regards
VangelisPS I have found the object from a) Support > Advanced > Resolve REF_ and b) /var/log/fallback.log
/var/log/fallback.log
$VAR1 = { 'ref' => 'REF_CaMet12345678', 'lock' => '', 'autoname' => 1, 'hidden' => 0, 'type' => 'meta_x509', 'class' => 'ca', 'data' => { 'issuer_hash' => '123456...', 'subject_hash' => '123456...', 'subject' => 'C=uk, L=City, O=Example, CN=Example Proxy CA, emailAddress=user@example.com', 'serial' => 'ABCDEFG...', 'public_key_algorithm' => 'rsaEncryption', 'name' => 'ABCDEFG...', 'issuer' => 'C=uk, L=City, O=Example, CN=Example Proxy CA, emailAddress=user@example.com', 'startdate' => 'Mar 30 18:00:00 2018 GMT', 'fingerprint' => 'AB:CD:EF:GH...', 'comment' => '', 'enddate' => 'Jun 12 00:00:00 2021 GMT', 'subject_alt_names' => [ 'IP Address:127.0.0.1' ], 'vpn_id' => '127.0.0.1', 'vpn_id_type' => 'ipv4_address' }, 'nodel' => '' };
Hi Vangelis Katsikaros,
Thank you for reaching out to the Community!
If you're not using the web proxy, you don't have to worry about this proxy CA notification.
You could turn off the notification from Management > Notifications > search for WARN-600, or another option would be to get a temporary license for Web Protection(If not licensed) and regenerate the Proxy CA from Web Protection > Filtering Options > HTTPS CAs > Regenerate.
If you already have the license for the web filtering, you could turn it on and regenerate the certificate and then turn it off.
Thanks,
Hi Thanks for the prompt answer
Indeed, turning on the "Web Protection", regenerating the certificate and then turning it off again, seems to work.
Vangelis
I'm glad to know that your issue is resolved.