I'm running (SFOS 18.0.3 MR-3). I was under the impression that the certificate selected in admin settings should be used for all XG services but I'm being presented with a different one on port 8090:
I've tried setting the certificate back to the default one then back to my self-signed one again. I've tried rebooting the FW.
Am I missing a setting somewhere?
Ah! Sorry guys, thought I'd done good search of the forum before starting this thread. Anyway it started working (started presenting the correct cert) and I'm 99% sure it just after I changed the…
Looks like the same issue as here: https://community.sophos.com/xg-firewall/f/discussions/123597/xg-18-mr3-use-incorrect-certificate-in-web-warn-block-page
Michael Dunn Can we look into this?
Ah! Sorry guys, thought I'd done good search of the forum before starting this thread. Anyway it started working (started presenting the correct cert) and I'm 99% sure it just after I changed the Web proxy scanning mode from batch to real-time. Changed it back and it's still ok. So I wonder if this has triggered an update of the cert being used?
Hi, I already try your suggestion be switching between batch to real-time and It just won't work. It just keeps sending self signed cert to blockpage 8090
You guys all use a own certificate, not the sophos certificate. Is this a CA or a "normal" certificate? Is it a wildcard? Can we try to find a matching pattern?
In our case, we use our own wildcard certificate (which is bought) for WebAdmin, UserPortal and Captive Portal (which has the issue). We need that, because our UserPortal needs to be accessed from external Users which are not in our Domain and cannot have the Sophos in the trusted root CA. For Webfiltering etc. we use the Sophos CA which is configured in GPO to be trusted.