This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate expiry notification (Proxy CA)


I received an email from my Sophos instance with the subject "[][WARN-600] Certificate(s) will expire"

1 certificate(s) will expire within the next 30 days:
Proxy CA

System Uptime : 231 days 21 hours 19 minutes
System Load : 0.17
System Version : Sophos UTM 9.705-3

I know the issue is discussed both in this forum and the support KB. However, I do face a problem not addressed in these links.

In my Sophos

a) "web filtering" is not enabled

and b) the page "Web Protection > Filtering Options > HTTPS CAs" suggested in the KB is not "active", ie I cannot click or download any certificate

So my questions are:
1) I am going to be affected if this certificate expires?
2) How can I check if the certificate will auto-renew, since the page is inactive  and I cannot interact with it?



PS I have found the object from a) Support > Advanced > Resolve REF_ and b) /var/log/fallback.log

$VAR1 = {
          'ref' => 'REF_CaMet12345678',
          'lock' => '',
          'autoname' => 1,
          'hidden' => 0,
          'type' => 'meta_x509',
          'class' => 'ca',
          'data' => {
                      'issuer_hash' => '123456...',
                      'subject_hash' => '123456...',
                      'subject' => 'C=uk, L=City, O=Example, CN=Example Proxy CA,',
                      'serial' => 'ABCDEFG...',
                      'public_key_algorithm' => 'rsaEncryption',
                      'name' => 'ABCDEFG...',
                      'issuer' => 'C=uk, L=City, O=Example, CN=Example Proxy CA,',
                      'startdate' => 'Mar 30 18:00:00 2018 GMT',
                      'fingerprint' => 'AB:CD:EF:GH...',
                      'comment' => '',
                      'enddate' => 'Jun 12 00:00:00 2021 GMT',
                      'subject_alt_names' => [
                                               'IP Address:'
                      'vpn_id' => '',
                      'vpn_id_type' => 'ipv4_address'
          'nodel' => ''

This thread was automatically locked due to age.

Top Replies

  • FormerMember
    FormerMember +1 verified

    Hi ,

    Thank you for reaching out to the Community! 

    If you're not using the web proxy, you don't have to worry about this proxy CA notification. 

    You could turn off the notification…

Parents Reply Children
No Data