
[Sophos Notification] Advisory: Sophos Web Appliance: Certificate validation failed for sites signed by Sectigo root CA

Hi Community,

Overview

Websites signed by the Sectigo root CA may fail to connect with a "certificate validation failed" error because the AddTrust External CA Root certificate expired on May 30th 2020.

The issue occurs because OpenSSL checks the certificate chain path, which leads to the expired 'AddTrust External CA'. As a result, sites signed by the Sectigo root CA may fail to connect, and a "certificate validation failed" message is displayed to the end user.

If a site that has an expired certificate is processed by Sophos Web Appliance, the appliance blocks the website at certificate verification.

Here is a sample of the packet capture in which the remote server presents the CA certificate that has expired.

If the expired certificate is presented to Sophos Web Appliance, the appliance validates the certificate and determines whether it is valid or not. Users would see the following error message:

 

For more information, please visit this article: https://community.sophos.com/kb/en-us/135544
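
To find which certificate in a presented chain causes the validation failure described above, the check below walks a PEM bundle and reports every certificate that has expired at a given time. It is an added example, not Sophos code: it assumes the Python `cryptography` package, and the chain, its names and its dates (other than the May 30th 2020 expiry) are constructed for the demonstration.

```python
from datetime import datetime, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = timezone.utc
END = b"-----END CERTIFICATE-----"

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(cn, issuer_cn, public_key, signing_key, start, end):
    """Build a constructed demo certificate and return it PEM-encoded."""
    cert = (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(issuer_cn))
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            .sign(signing_key, hashes.SHA256()))
    return cert.public_bytes(serialization.Encoding.PEM)

def build_sample_bundle():
    """Constructed chain: valid leaf and intermediate, root CA expired 2020-05-30."""
    root, inter, leaf = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    return b"".join([
        make_cert("www.example.test", "Constructed Intermediate CA", leaf.public_key(),
                  inter, datetime(2020, 1, 1, tzinfo=UTC), datetime(2021, 1, 1, tzinfo=UTC)),
        make_cert("Constructed Intermediate CA", "Constructed Legacy Root CA", inter.public_key(),
                  root, datetime(2015, 1, 1, tzinfo=UTC), datetime(2030, 1, 1, tzinfo=UTC)),
        make_cert("Constructed Legacy Root CA", "Constructed Legacy Root CA", root.public_key(),
                  root, datetime(2000, 5, 30, tzinfo=UTC), datetime(2020, 5, 30, tzinfo=UTC)),
    ])

def not_after(cert):
    # Newer cryptography releases expose not_valid_after_utc; older ones only the naive field.
    value = getattr(cert, "not_valid_after_utc", None)
    return value if value is not None else cert.not_valid_after.replace(tzinfo=UTC)

def expired_in_chain(pem_bundle, at):
    """Return the subject CN of every certificate in the bundle that has expired at `at`."""
    certs = [x509.load_pem_x509_certificate(block.strip() + b"\n" + END + b"\n")
             for block in pem_bundle.split(END) if b"BEGIN CERTIFICATE" in block]
    return [c.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
            for c in certs if not_after(c) < at]

if __name__ == "__main__":
    # Evaluate two days after the expiry date named in the advisory.
    print(expired_in_chain(build_sample_bundle(), datetime(2020, 6, 1, tzinfo=UTC)))
```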


