
HSTS on Transparent Proxy breaks authentication after Certificate renew

Hi. We had to renew the Proxy CA Certificate (Signing CA) because it would run out.

After this, users complained that they cannot log in to the internet.

We use browser-based authentication here, which forwards the user to something like "https://passthrough.fw-notify.net/static/auth_transparent.html?return=http://google.de/"

Because the certificate changed for https://passthrough.fw-notify.net, we had to clear Website Settings in Chrome and Firefox to allow bypassing the certificate warning coming from the HSTS-enabled virtual host on Sophos Web Protection.

On Internet Explorer it seems to be a Website Setting held in registry.

 

Is this a Bug or known behavior?



This thread was automatically locked due to age.
  • Hallo and welcome to the UTM Community!

    Did you distribute the new Proxy CA to all of your users?  What line do you see in the Web Filtering log when a block occurs from this?  What did you clear in Website Settings in Firefox?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA