Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

LetsEncrypt Certificate untrusted on XG 18.0.4 MR4

Hi Folks

I have a problem with importing a certificate (pfx) into Sohpos XG [SFVH (SFOS 18.0.4 MR-4)].

I have a LetsEncrypt certificate which covers 3 domains including wildcards for the domains in the SAN list.
The certificate is in PFX format (private key + fullchain cert). When I import (upload) the pfx file into
the system everything works fine (green confirmation). The cert is added to the store but "Authority" shows a red cross instead
of a green checkmark. This results in the certificate not available for Web-Publishing rules.

If I import the same certificate (pfx) into XG 18.0.3 MR3 everything is fine and I can use it for Web-Publishing.

The LetsEncrypt certificates trust chain is

DST Root CA X3 -> R3 -> mydomain.org

So what's the problem here ? What's the difference between MR3 an MR4 ?
When I check CA certstore of the MR4 system I can see that both chain members

- DST Root CA X3
- R3

exist in the store.

So this is weird.

Any idea.



Wrong title
[edited by: Posbis at 11:43 PM (GMT -8) on 13 Jan 2021]
Parents Reply Children
No Data