Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 6 subscribers
  • Views 24582 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error when enabling Web Filtering

HeikoWiertalla

In Web Protection -> Web Filtering when I try to enable the Web Filtering status, the switch turns yellow, I add my local network as an allowed network and when I push Apply I get an error message saying "The HTTP/S proxy end-user certificate must not be empty."

I have no idea where to select that certificate and googling for that error message gave me zero results, so I hope someone here has a hint where to look.

I'm running version 9.351-3 in a Virtualbox VM, as this is just a machine for testing and getting to know the UTM9.

I even created a backup with the license, password, certificates/keys, endpoints removed. Then I reset the UTM to factory defaults, walked through the setup wizard and restored the backup.

Since there are no certificates in the backup, they should be created again by the initial setup, right?

Unfortunately this didn't change the behaviour, still getting the same error.


I had that working, but disabled Web Filtering because Blizzard Battle.net updates weren't working through the proxy. Now I wanted to look at that problem again and can't enable the proxy anymore. Otherwise it is working fine. Firewalling, ATP, IPS, SMTP & POP3 Proxies all enabled and working, but the Web-Proxy is giving me a hard time.


Any ideas where to look next, except reinstalling from scratch?

Thanks in advance,

Heiko



This thread was automatically locked due to age.
  • 0 in reply to Michael Dunn

    As I scanned down through the thread and came to my post, I realized my oops!  Seeing your post put a smile on my face - that's the only thing to try.  Still, I wonder if he doesn't have a faulty ISO image.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello Bob,


    been there, done that.


    As I wrote on May 29th, I regenerated the CA, even tried deleting all certificates and the regenerating the CA. Did that again after a complete reinstallation (from the same ISO I installed the first time, which was 9.355) and again after the update to 9.4.

    Nothing helped, the error was always exactly the same :-(

  • 0 in reply to Michael Dunn

    Hello Michael,


    the problem is not with the user portal or the web admin interface.

    I can access both just fine.

    It's the web proxy that is causing the problem. But just to make sure, I changed that certificate as well. Didn't help.

  • 0 in reply to BAlfson

    Hello Bob,


    I don't think the ISO image is faulty because right after the first installation, it worked just fine.

    As I described in my first post, I had the proxy enabled, then disabled it because of some problems with Blizzard Battle.net downloads for which I didn't have a quick solution then.

    After I found that solution I wanted to reenable the proxy to configure the exception for Battle.net and that's when I got stuck with that damn error nobody seems to have heard of so far.

    I will install version 9.404-5 today and try again. If that does not help, I will install a completely new VM from a current ISO and do some more testing, but that will happen only after the Euro 2016 is over. Too many soccer games to watch and too little free time available :-)


    I'll let you guys know how it works out, but thanks in advance anyway for the suggestions.

    Regards,

    Heiko

  • 0 in reply to HeikoWiertalla

    I think the problem is the "Certificate for End User Pages" that is in the Misc tab.  Somehow I think you have the option on but no certificate.

    I don't know the location within cc (backend config) where this is stored and I don't have a system to test on.  Perhaps someone else knows or can trial turning it on and finding the location in cc.

  • 0 in reply to Michael Dunn

    You should match:

    cc get  http | grep portal
              'portal_cert' => '',
              'portal_cert_chain' => [],
              'portal_domain' => '',
              'portal_hosts' => [],
              'portal_use_cert' => 0,

    Use command like this to set the values

    cc set http portal_use_cert 0

Unfiltered HTML