
Unable to add custom CA certificate for HTTPS scanning

We're using version 4.3.3.1 of the web appliance and when trying to upload a custom CA cert and key, receive an error that the file contains a virus and will not be uploaded.  I've tried uploading via the GUI, tried with cURL on the command line and even tried multiple CA cert/key attempts and all result in the same error.  Can anyone shed some light as to why this is happening?



  • Hi Matt,

    Can you please show us a screenshot of this error? The certificate must be in PEM or PKCS#12 format. A certificate must be a self-signed certificate that has been deployed to endpoint browsers, or by one of the authorities already supported by the browser on the endpoint.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi Matt,

    You may find this useful https://community.sophos.com/kb/en-us/127827

    Keep in mind that this is the only procedure that will work. You will not be able to upload a custom CA outside this self-signed method (in short, every HTTPS request generates a new cert, so the cert must be able to generate and sign all certs passed to the users).
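
Added example, not part of the original thread or of the vendor's documentation: a pre-upload check of a PEM certificate and key against the properties the replies above name (PEM encoding, a key that belongs to the certificate, and the ability to sign other certificates, read here as basicConstraints CA:TRUE). The function names, return codes and the constructed sample pairs are assumptions for illustration, and the script does not reproduce the appliance's own validation.

```shell
#!/bin/sh
# Pre-upload sanity check for a signing CA pair (illustrative; names and codes are assumptions).

# check_ca_pair CERT KEY -> 0 ok, 1 cert not PEM, 2 key unreadable, 3 mismatch, 4 not a CA
check_ca_pair() {
    cert=$1; key=$2
    # PEM header present and the body parses as an X.509 certificate
    { grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null &&
      openssl x509 -in "$cert" -noout 2>/dev/null; } ||
        { echo "certificate is not PEM-encoded X.509"; return 1; }
    # Empty passphrase avoids an interactive prompt; an encrypted key is reported as unreadable
    openssl pkey -in "$key" -noout -passin pass: 2>/dev/null ||
        { echo "private key cannot be read as PEM"; return 2; }
    # The key must be the one whose public half is in the certificate
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 3; }
    # A certificate that signs the per-site certificates must itself be a CA
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "certificate lacks basicConstraints CA:TRUE"; return 4; }
    echo "ok: $(openssl x509 -in "$cert" -noout -subject)"
}

# Constructed sample input: make_pair DIR NAME TRUE|FALSE writes NAME.crt and NAME.key
make_pair() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ext\n[dn]\nCN=Constructed %s\n[ext]\nbasicConstraints=critical,CA:%s\n' \
        "$2" "$3" > "$1/$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_pair "$dir" ca TRUE && make_pair "$dir" leaf FALSE
    check_ca_pair "$dir/ca.crt" "$dir/ca.key" || echo "  -> rejected (code $?)"
    # Self-signed but not a CA: it could not sign the certificates generated per request
    check_ca_pair "$dir/leaf.crt" "$dir/leaf.key" || echo "  -> rejected (code $?)"
    # Right certificate, wrong key
    check_ca_pair "$dir/ca.crt" "$dir/leaf.key" || echo "  -> rejected (code $?)"
    rm -rf "$dir"
}
demo
```
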

  • Thanks for the link.  I should have mentioned in my first post that I was indeed following those instructions to no avail.  I tried regenerating a new cert and key multiple times and just kept getting the same error.

    The key and cert are both in PEM format.  I'm out sick today from work, but I'll get a screenshot of the error tomorrow.

  • Your best bet is to open a support case so they can get access to the appliance and/or see the steps you're taking.

  • Unfortunately our contract/license is expired with this appliance as we have planned to move to a different appliance/vendor, however that one is not ready to be rolled out quite yet; so that's why I wanted to try posting on the community forums instead of opening a ticket.

    For what it's worth, attached is a screenshot of the error; not much to it really.  After trying to upload the cert/key, the error appears and the boxes to upload the files are cleared out.

     

  • If your product is not licensed then the AV will not update and may not be working as intended.  Appliances periodically check their license status; if it's expired, the appliance will not update.  After the grace period ends, the appliance will stop processing traffic.

    So it's possible SAV may be in a state that is causing this error, and/or you are not permitted to add certificates if the licence check fails.