Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 6 subscribers
  • Views 24588 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error when enabling Web Filtering

HeikoWiertalla

In Web Protection -> Web Filtering when I try to enable the Web Filtering status, the switch turns yellow, I add my local network as an allowed network and when I push Apply I get an error message saying "The HTTP/S proxy end-user certificate must not be empty."

I have no idea where to select that certificate and googling for that error message gave me zero results, so I hope someone here has a hint where to look.

I'm running version 9.351-3 in a Virtualbox VM, as this is just a machine for testing and getting to know the UTM9.

I even created a backup with the license, password, certificates/keys, endpoints removed. Then I reset the UTM to factory defaults, walked through the setup wizard and restored the backup.

Since there are no certificates in the backup, they should be created again by the initial setup, right?

Unfortunately this didn't change the behaviour, still getting the same error.


I had that working, but disabled Web Filtering because Blizzard Battle.net updates weren't working through the proxy. Now I wanted to look at that problem again and can't enable the proxy anymore. Otherwise it is working fine. Firewalling, ATP, IPS, SMTP & POP3 Proxies all enabled and working, but the Web-Proxy is giving me a hard time.


Any ideas where to look next, except reinstalling from scratch?

Thanks in advance,

Heiko



This thread was automatically locked due to age.
Parents
  • 0

    Hi Heiko,

    Did you mean you are not able to enable Web Filtering through the global option? Can you post the screenshot on the certificate error? 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hello Sachin,


    that's exactly what I meant.

    As soon as I push Apply the error message shown next to the button appears.

    Doesn't matter if I use Standard or Transparent mode, results are the same.


    What baffles me is that I had it working when I first installed this VM.


    I only disabled it, because I had some problems with Battle.net updates not downloading when the proxy was active. I used the UTM without proxy for several weeks just fine. Then I found instructions on how to create an exception for Battle.net traffic and wanted to test that only to find out I couldn't enable the proxy anymore.

    I know this works even with the home license because several of my friends have it running and I have it working on the SG430 I administer at work as well.

    I will be installing another VM with a demo or home license to test this with a fresh installation, but it might be some time before I get around to doing that.

    Any hints to actually fixing the problem will be greatly appreciated, if you need more information like a config dump I can provide that as well.

    Heiko

  • 0 in reply to HeikoWiertalla

    Hi, Heiko, and welcome to the UTM Community!

    On the 'HTTPS CAs' tab in 'Web Protection >> Filtering Options', try regenerating the Signing CA.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to HeikoWiertalla

    Hi, Heiko, and welcome to the UTM Community!

    On the 'HTTPS CAs' tab in 'Web Protection >> Filtering Options', try regenerating the Signing CA.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    Hello Bob,


    been there, done that.


    As I wrote on May 29th, I regenerated the CA, even tried deleting all certificates and the regenerating the CA. Did that again after a complete reinstallation (from the same ISO I installed the first time, which was 9.355) and again after the update to 9.4.

    Nothing helped, the error was always exactly the same :-(

Unfiltered HTML