
Error when enabling Web Filtering

In Web Protection -> Web Filtering when I try to enable the Web Filtering status, the switch turns yellow, I add my local network as an allowed network and when I push Apply I get an error message saying "The HTTP/S proxy end-user certificate must not be empty."

I have no idea where to select that certificate and googling for that error message gave me zero results, so I hope someone here has a hint where to look.

I'm running version 9.351-3 in a VirtualBox VM, as this is just a machine for testing and getting to know the UTM9.

I even created a backup with the license, password, certificates/keys, endpoints removed. Then I reset the UTM to factory defaults, walked through the setup wizard and restored the backup.

Since there are no certificates in the backup, they should be created again by the initial setup, right?

Unfortunately this didn't change the behaviour, still getting the same error.


I had that working, but disabled Web Filtering because Blizzard Battle.net updates weren't working through the proxy. Now I wanted to look at that problem again and can't enable the proxy anymore. Otherwise it is working fine. Firewalling, ATP, IPS, SMTP & POP3 Proxies all enabled and working, but the Web-Proxy is giving me a hard time.


Any ideas where to look next, except reinstalling from scratch?

Thanks in advance,

Heiko



This thread was automatically locked due to age.
  • No idea anyone?


    The problem still occurs in Versions 9.355 and 9.403-4.

    Regards,

    Heiko

  • Can you nuke out all the config in web filtering? Are you trying to decrypt HTTPS?
    What do you have set in Web Filtering -> HTTPS? Try setting to URL filtering and see if that helps.

    Alternatively you can regenerate the Sophos UTM's certificate in Management -> Web Admin -> HTTPS Certificate. It probably has an invalid date or something similar.

  • I can't even enable Web Filtering, so the HTTPS tab is grey and can't be selected.

    When I try to enable it and hit Apply, I get the error "The HTTP/S proxy end-user certificate must not be empty."

    Doesn't matter if I try standard or transparent mode, results are the same.


    The certificates have already been regenerated, I even reset the VM to factory default, and restored an old config without passwords, license info and certificates, so that should have given me a new CA and new default certificates, right?


    I even tried regenerating the CA after the restore and again today after updating to the latest version 9.403-4. Didn't change anything.

    Although I don't see how the Web Admin certificate relates to Web Protection, I even regenerated this certificate and reassigned it as you suggested. That didn't do anything either.


    At work I have 2 SG430 running Web Protection just fine, the problem just happens with my private home license, so I suspect something's fishy with my configuration.


    If you don't have any more ideas, I guess I'll try to reinstall that from scratch.

  • Hello,

    Did you find something to fix it? I got a similar issue with web filtering and HTTPS certificate.

  • It's working on my licensed UTM (hardware UTM) and Home Edition (virtual UTM), but it's not working on a hardware UTM with an evaluation license. I think it's because you cannot customize the block page so you cannot use this functionality.

  • Btw I'm talking about "Certificate for End-User Pages"

  • Hi Heiko,

    Did you mean you are not able to enable Web Filtering through the global option? Can you post the screenshot of the certificate error?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hello Sachin,


    that's exactly what I meant.

    As soon as I push Apply the error message shown next to the button appears.

    Doesn't matter if I use Standard or Transparent mode, results are the same.


    What baffles me is that I had it working when I first installed this VM.


    I only disabled it, because I had some problems with Battle.net updates not downloading when the proxy was active. I used the UTM without proxy for several weeks just fine. Then I found instructions on how to create an exception for Battle.net traffic and wanted to test that only to find out I couldn't enable the proxy anymore.

    I know this works even with the home license because several of my friends have it running and I have it working on the SG430 I administer at work as well.

    I will be installing another VM with a demo or home license to test this with a fresh installation, but it might be some time before I get around to doing that.

    Any hints to actually fixing the problem will be greatly appreciated, if you need more information like a config dump I can provide that as well.

    Heiko

  • Hi, Heiko, and welcome to the UTM Community!

    On the 'HTTPS CAs' tab in 'Web Protection >> Filtering Options', try regenerating the Signing CA.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA

  • My memory is fuzzy but I don't think this is the signing Certificate Authority.


    I would look here:

    WebAdmin Setting, HTTPS Certificate, User Portal Certificate.