Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate expiry notification (Proxy CA)


I received an email from my Sophos instance with the subject "[][WARN-600] Certificate(s) will expire"

1 certificate(s) will expire within the next 30 days:
Proxy CA

System Uptime : 231 days 21 hours 19 minutes
System Load : 0.17
System Version : Sophos UTM 9.705-3

I know the issue is discussed both in this forum and the support KB. However, I do face a problem not addressed in these links.

In my Sophos

a) "web filtering" is not enabled

and b) the page "Web Protection > Filtering Options > HTTPS CAs" suggested in the KB is not "active", ie I cannot click or download any certificate

So my questions are:
1) I am going to be affected if this certificate expires?
2) How can I check if the certificate will auto-renew, since the page is inactive  and I cannot interact with it?



PS I have found the object from a) Support > Advanced > Resolve REF_ and b) /var/log/fallback.log

$VAR1 = {
          'ref' => 'REF_CaMet12345678',
          'lock' => '',
          'autoname' => 1,
          'hidden' => 0,
          'type' => 'meta_x509',
          'class' => 'ca',
          'data' => {
                      'issuer_hash' => '123456...',
                      'subject_hash' => '123456...',
                      'subject' => 'C=uk, L=City, O=Example, CN=Example Proxy CA,',
                      'serial' => 'ABCDEFG...',
                      'public_key_algorithm' => 'rsaEncryption',
                      'name' => 'ABCDEFG...',
                      'issuer' => 'C=uk, L=City, O=Example, CN=Example Proxy CA,',
                      'startdate' => 'Mar 30 18:00:00 2018 GMT',
                      'fingerprint' => 'AB:CD:EF:GH...',
                      'comment' => '',
                      'enddate' => 'Jun 12 00:00:00 2021 GMT',
                      'subject_alt_names' => [
                                               'IP Address:'
                      'vpn_id' => '',
                      'vpn_id_type' => 'ipv4_address'
          'nodel' => ''

This thread was automatically locked due to age.