This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error when enabling Web Filtering

In Web Protection -> Web Filtering when I try to enable the Web Filtering status, the switch turns yellow, I add my local network as an allowed network and when I push Apply I get an error message saying "The HTTP/S proxy end-user certificate must not be empty."

I have no idea where to select that certificate and googling for that error message gave me zero results, so I hope someone here has a hint where to look.

I'm running version 9.351-3 in a Virtualbox VM, as this is just a machine for testing and getting to know the UTM9.

I even created a backup with the license, password, certificates/keys, endpoints removed. Then I reset the UTM to factory defaults, walked through the setup wizard and restored the backup.

Since there are no certificates in the backup, they should be created again by the initial setup, right?

Unfortunately this didn't change the behaviour, still getting the same error.


I had that working, but disabled Web Filtering because Blizzard Battle.net updates weren't working through the proxy. Now I wanted to look at that problem again and can't enable the proxy anymore. Otherwise it is working fine. Firewalling, ATP, IPS, SMTP & POP3 Proxies all enabled and working, but the Web-Proxy is giving me a hard time.


Any ideas where to look next, except reinstalling from scratch?

Thanks in advance,

Heiko



This thread was automatically locked due to age.
Parents Reply
  • Can you nuke out all the config in web filtering? Are you  trying to decrypt HTTPS?
    What do you have set in Web Filtering -> HTTPS ? Try setting to URL filtering and see if that helps. 

    Alternatively you can regenerate the Sophos UTM's certificate in Management -> Web Admin -> HTTPS Certificate. It probably has an invalid date or something similar.

Children
  • I can't even enable Web Filtering, so the HTTPS tab is grey and can't be selected.

    When I try to enable it and hit Apply, I get the error "The HTTP/S proxy end-user certificate must not be empty."

    Doesn't matter if I try standard or transparent mode, results are the same.


    The certificates have already been regenerated, I even reset the VM to factory default, and restored an old config without passwords, license info and certificates, so that should have given me a new CA and new default certificates, right?


    I even tried regenerating the CA after the restore and again today after updating to the latest version 9.403-4. Didn't change anything.

    Although I don't see how the Web Admin certificate relates to Web Protection, I even regenerated this certificate and reassigned it as you suggested. That didn't do anything either.


    At work I have 2 SG430 running Web Protection just fine, the problem just happens with my private home license, so I suspect something's fishy with my configuration.


    If you don't have any more ideas, I guess I'll try to reinstall that from scratch.

  • Hello,

    Did you find something to fix it ? I got a similar issue with web filtering and https certificate.

  • It's working on my licenced UTM (hardware UTM) and Home Edition (virtual UTM), but its not working on a hardware UTM with an evaluation license. I think its because you cannot customize the block page so you cannot use this functionality.

  • Btw I'm talking about "Certificate for End-User Pages"