This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Revocation Check Failed for exchange 2016 digicert ssl certificate

Hi

I have installed a new exchange 2016 and internal/external emails are working fine. I bought a multi domain ssl certificate from digicert and installed it but it says revocation check fail. I'm using Sophos UTM SG 310 and cant find a way to resolve it. Eset antivirus activation is also stuck.

Fyi..I'm not really good at sophos so bit new.

Any help to get it resolve would be fantastic

thanks



This thread was automatically locked due to age.
Parents
  • Hi Dominic and welcome to the UTM Community!

    Show a line from the Web Filtering log related to each block.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    This is from the web filter log..

    2018:11:29-12:47:08 rg-sophos-fw httpproxy[6728]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.9.149" dstip="192.168.31.16" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8984" request="0xd62ab200" url="mail.remington.com.pg/" referer="" error="" authtime="0" dnstime="2" cattime="79" avscantime="0" fullreqtime="250614" device="0" auth="0" ua="" exceptions="" category="105" reputation="neutral" categoryname="Business" country="N/A"
    2018:11:29-12:47:09 rg-sophos-fw httpproxy[6728]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdd08b800" function="read_request_headers" file="request.c" line="1708" message="request misses host part"
    2018:11:29-12:47:09 rg-sophos-fw httpproxy[6728]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.4.115" dstip="" user="" group="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2507" request="0xdd08b800" url="/wpad.dat" referer="" error="Received invalid request from Client" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="117" device="0" auth="0" ua="" exceptions=""

    I'm not sure if thats what you want.

    Advice if incorrect

    thanks
    dom
Reply
  • Hi Bob,

     

    This is from the web filter log..

    2018:11:29-12:47:08 rg-sophos-fw httpproxy[6728]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.9.149" dstip="192.168.31.16" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8984" request="0xd62ab200" url="mail.remington.com.pg/" referer="" error="" authtime="0" dnstime="2" cattime="79" avscantime="0" fullreqtime="250614" device="0" auth="0" ua="" exceptions="" category="105" reputation="neutral" categoryname="Business" country="N/A"
    2018:11:29-12:47:09 rg-sophos-fw httpproxy[6728]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdd08b800" function="read_request_headers" file="request.c" line="1708" message="request misses host part"
    2018:11:29-12:47:09 rg-sophos-fw httpproxy[6728]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.4.115" dstip="" user="" group="" ad_domain="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2507" request="0xdd08b800" url="/wpad.dat" referer="" error="Received invalid request from Client" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="117" device="0" auth="0" ua="" exceptions=""

    I'm not sure if thats what you want.

    Advice if incorrect

    thanks
    dom
Children
  • I'm not sure what we're looking at, Dom.  Is this eset?

    The first log line is a successful CONNECT from 192.168.9.149 to 192.168.31.16.  This doesn't seem to be related to the last two lines.  In any case, I usually recommend not going through Web Filtering unless the target server is in a DMZ that can be reached by the public.

    The last line goes with the line just above it.  The access wasn't blocked (I wish Sophos would use a different word in such cases), it failed because the request from 192.168.4.115 was not complete.  In this case, you must skip the Proxy for this access.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA