Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 9045 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM-generated SSL certificate causes warning in Chrome

Arie
It looks like the UTM-generated certificate (for HTTPS filtering) is using SHA-1. 

The current version of Chrome will not regard certs with SHA-1 to be fully trustworthy (and subsequently not displaying a padlock).

Future versions (Q1 of 2015) will show a padlock with a red X on it.

Any plans to upgrade the UTM to SHA-2?



This thread was automatically locked due to age.
Parents
  • 0
    Scott, I'm [:S] !

    The Proxy CA produced by the UTM has had both a SHA1 and a SHA256 signature for well over five years.  At , I get the SHA1 warning, but at other Google sites, I don't:



    Is this a Chrome problem caused by Chrome attempting to use SHA1 to see if the client still supports it?  If the UTM stopped accepting SHA1 in advance of the 1/1/2017 deadline, would that cause more problems?  Is this more of a judgment on the quality of the servers' certs than on the CA of the UTM HTTPS Proxy?

    Or, is this problem the "Local X509 Cert" that's generated with SHA1?  Is that the cert used by the Proxy?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Scott, I'm [:S] !

    The Proxy CA produced by the UTM has had both a SHA1 and a SHA256 signature for well over five years.  At , I get the SHA1 warning, but at other Google sites, I don't:



    Is this a Chrome problem caused by Chrome attempting to use SHA1 to see if the client still supports it?  If the UTM stopped accepting SHA1 in advance of the 1/1/2017 deadline, would that cause more problems?  Is this more of a judgment on the quality of the servers' certs than on the CA of the UTM HTTPS Proxy?

    Or, is this problem the "Local X509 Cert" that's generated with SHA1?  Is that the cert used by the Proxy?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML