This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate Error in Outlook 2010

Hi there,

I upgraded our Web Appliance to V4.0.2.2 in gradual steps yesterday (1st June 2015) and we have suddently started getting a certificate error in Outlook 2010 claiming that an untrusted certificate has been issued by the Web Appliance to autodiscover.domain.com (see attached photo). The strange thing is the certificate was issued on the 27th May, several days before I did the box upgrade.

I have tried enabling Certificate Validation (which we don't tend to use) but it makes no difference that I can tell.

Is anyone else getting anything odd like this? Any ideas where to start looking?

Cheers.

:57486


This thread was automatically locked due to age.
Parents
  • Hi ReverendRob,

    If you do not have HTTPS Scanning enabled, the appliance will still use it's self-signed certificate to send error or warn pages for HTTPS Requests; this is required because browser require a reply to be encrypted using SSL/TLS.   You should seach for any requests that might have been blocked/warn for the user.  If you don't seen any type of block in the search, you can look at the sophos_log if you back it up via FTP or syslog server; or call support to look at the log on the backend.

    Generally I recommend deploying the Sophos Root CA on your clients to avoid any type of certificate errors that might show up for end users due to errors or alert responses from the Web Appliance for HTTPS requests.  You can find information on how to do that here:

    https://www.sophos.com/en-us/support/knowledgebase/42153.aspx

    Petr.

    :57490
Reply
  • Hi ReverendRob,

    If you do not have HTTPS Scanning enabled, the appliance will still use it's self-signed certificate to send error or warn pages for HTTPS Requests; this is required because browser require a reply to be encrypted using SSL/TLS.   You should seach for any requests that might have been blocked/warn for the user.  If you don't seen any type of block in the search, you can look at the sophos_log if you back it up via FTP or syslog server; or call support to look at the log on the backend.

    Generally I recommend deploying the Sophos Root CA on your clients to avoid any type of certificate errors that might show up for end users due to errors or alert responses from the Web Appliance for HTTPS requests.  You can find information on how to do that here:

    https://www.sophos.com/en-us/support/knowledgebase/42153.aspx

    Petr.

    :57490
Children
No Data