Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 5 subscribers
  • Views 24509 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

expiration warning Proxy-CA after renew

hschoene

After we renew the Proxy CA cert on every day the admin receive an email with an expiration warning of the old certificate. 
We can download the right certificate from the UTM for the clients (http_proxy_signing_ca.cer).

Reboot not helps.

It is only a cosmetical bug? How can we resolve this?

 

Thanks Heiko



This thread was automatically locked due to age.
  • 0 in reply to BAlfson

    I also have this issue. My certificate was issued 2014 and is supposedly valid to 1/01/2038. I came across this thread while looking to solve the issue as I first received the warning  06/22/2017 and I figured I had better get it solved:

    1 certificate(s) will expire within the next 30 days:

    Proxy CA

     --

    System Uptime      : 1 day 12 hours 43 minutes

    System Load        : 1.09

    System Version     : Sophos UTM 9.501-5

    Please refer to the manual for detailed instructions.

    It sounds like maybe I don't have to because it is a cosmetic bug?

    Regards

    John

  • 0 in reply to firmwareking

    Generated in 2012 with 8.3, but I see that the behavior has changed - interesting!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Try to create a new one...

    Guess your certificate has been created with 6.x or 7.x. Things changed since...

    BR,

    Michael

  • 0 in reply to firmwareking

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Yes, we are talking about the Proxy CA and it is valid for three years from time of creation.

     

    I have the same behaviour on several machines (getting expiration warnings after having recreated the CA).

     

    I belive it's cosmetical but a bug.

     

    BR,

    Michael

  • 0 in reply to hschoene

    Just to be clear, guys, we're talking about the Proxy CA ("Signing CA") downloaded from the 'HTTPS CAs' tab in 'Web Filtering >> Filtering Options' - right?

    I can't believe that doesn't show 2038...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to hschoene

    Mine is in 30 days, I don't think it will matter i my case since i don't do any SSL MITM/intercepting in the webproxy. I do only use HTTPS URL Filtering

    Sophos UTM 9.3 Certified Engineer
    Sophos UTM 9.3 Certified Architect
    Sophos XG v.15 Certified Engineer
    Sophos XG v.17 Certified Engineer
    Sophos XG v.17 Certified Architect

  • 0 in reply to KennethHolmqvist

    Thanks Kenneth,

    many thanks for your answer.

    if it is a cosmetical bug only, it's not a big problem. The CA expiration time will be in about 14 days. Question is, what really will happens. The Proxy will works fine after this date or not.

     

    Cheers Heiko

  • 0

    Definitely a bug, i have the same issue on several UTMs

    Sophos UTM 9.3 Certified Engineer
    Sophos UTM 9.3 Certified Architect
    Sophos XG v.15 Certified Engineer
    Sophos XG v.17 Certified Engineer
    Sophos XG v.17 Certified Architect

  • 0 in reply to BAlfson

    Hi Bob,

    thank you for reply and your answer. Expiration after the renewal is in 2020. Because the customer didn't have a Support contract, we cannot open a Service request. Had called to Sophos Germany already. I think, we have to wait.

    Kind regards Heiko

Unfiltered HTML