Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1871 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate expiry notification (Proxy CA)

Vangelis Katsikaros

Hi

I received an email from my Sophos instance with the subject "[example.com][WARN-600] Certificate(s) will expire"

1 certificate(s) will expire within the next 30 days:
Proxy CA


System Uptime : 231 days 21 hours 19 minutes
System Load : 0.17
System Version : Sophos UTM 9.705-3

I know the issue is discussed both in this forum and the support KB. However, I do face a problem not addressed in these links.

In my Sophos

a) "web filtering" is not enabled


and b) the page "Web Protection > Filtering Options > HTTPS CAs" suggested in the KB is not "active", ie I cannot click or download any certificate


So my questions are:
1) I am going to be affected if this certificate expires?
2) How can I check if the certificate will auto-renew, since the page is inactive  and I cannot interact with it?

Regards

Vangelis

PS I have found the object from a) Support > Advanced > Resolve REF_ and b) /var/log/fallback.log


$VAR1 = {
          'ref' => 'REF_CaMet12345678',
          'lock' => '',
          'autoname' => 1,
          'hidden' => 0,
          'type' => 'meta_x509',
          'class' => 'ca',
          'data' => {
                      'issuer_hash' => '123456...',
                      'subject_hash' => '123456...',
                      'subject' => 'C=uk, L=City, O=Example, CN=Example Proxy CA, emailAddress=user@example.com',
                      'serial' => 'ABCDEFG...',
                      'public_key_algorithm' => 'rsaEncryption',
                      'name' => 'ABCDEFG...',
                      'issuer' => 'C=uk, L=City, O=Example, CN=Example Proxy CA, emailAddress=user@example.com',
                      'startdate' => 'Mar 30 18:00:00 2018 GMT',
                      'fingerprint' => 'AB:CD:EF:GH...',
                      'comment' => '',
                      'enddate' => 'Jun 12 00:00:00 2021 GMT',
                      'subject_alt_names' => [
                                               'IP Address:127.0.0.1'
                                             ],
                      'vpn_id' => '127.0.0.1',
                      'vpn_id_type' => 'ipv4_address'
                    },
          'nodel' => ''
        };



This thread was automatically locked due to age.
Unfiltered HTML