Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 2089 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Machine Picking Up Sophos Web Appliance Cert instead of websites even when bypassed.

DM85

Hi

This is a bit long winded but hoping someone can help.

We have a device on our network that needs to speak to a website to gain a certificate so it then can be remote connected to from outside the organisation.

I've added the certificate from the website to the Sophos Management Appliance but the software just won't accept it.

If I go through IE on that machine to the website in question I can check the cert in the browser and it says  Issued by "joebloggs.com"

If I i go through the software to get the certification it says Issued by: Sophos Web Appliance. I just can't get this machine to ignore Sophos so to speak.

I've made it a https scanning exemption,added the (non-domain) PC to a connection profile that bypasses authentication to see if that helps. (what is "use IP-based policy rules"?)



This thread was automatically locked due to age.
Parents
  • 0
    You may need to use wireshark on the client to determine exactly which websites it is connecting to.  The SWA log does not necessarily show requests that are attempted but are not completed because of certificate issues.
     
     
    You could go to Global Policy, Certificate Validation and temporarily turning it off.  If that helps, you can turn it back on and then try "Add certificate from a web site" to get it to accept specific website's unusual certificates.

    You could go to Global Policy, HTTPS scanning exemptions and enter in the websites.
     
    One other thing to do is go to the local site list and enter in the site, making it Trusted.  That will remove some checks.
Reply
  • 0
    You may need to use wireshark on the client to determine exactly which websites it is connecting to.  The SWA log does not necessarily show requests that are attempted but are not completed because of certificate issues.
     
     
    You could go to Global Policy, Certificate Validation and temporarily turning it off.  If that helps, you can turn it back on and then try "Add certificate from a web site" to get it to accept specific website's unusual certificates.

    You could go to Global Policy, HTTPS scanning exemptions and enter in the websites.
     
    One other thing to do is go to the local site list and enter in the site, making it Trusted.  That will remove some checks.
Children
No Data
Unfiltered HTML