Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 24002 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I am getting an invalid certificate error

Donald Schlicht

I recently installed Sophos XG firewall on my home system. When I enable a web policy in the predefined default network rule, I get invalid certificate errors when browseing certain websites, for example Facebook. FB will not allow any access. I have gone into System-->Certificates and there is a certificate called Appliancecertificate. When I click the manage icon, it goes and gets a new copy without error. However that does not fix the problem. 

Importing a certificate into my Windows machine will not work, because my wife also accesses FB using her cell phone.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Donald Schlicht

    Okay,

    I will rephrase that statement, you need to import the certificate into all machines that browse the web and use mail clients if you have mail scanning enabled otherwise you will get the error.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    The problem is there s only one certificate and that is the default certificate which is not downloadable. My installation does not have a certificate named SecurityAppliance_SSL_CA. This perhaps the problem.

    I am also trying to get a certificate from an organization called CAcert.org. The problem I am running into there is that I do not have a registered domain name. One thing I have not tried is to use the LAN IP address for the common name. I will try that this evening.

  • 0 in reply to Donald Schlicht

    Should be answered in the other thread.

    https://community.sophos.com/products/xg-firewall/f/initial-setup/104589/ca-setup

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    There is no SSL certificate in my installation. Please see below:

  • 0 in reply to Donald Schlicht

    You need to go to Certificate Authority on top beside of certificates. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I suspect this going to be an issue with my MBP but I cannot get safari to work with the firewall even after importing the CA. Strange thing is ff now works.

    Yes, I have read the KBA a number of times. 

    Fails to establish a secure connection.

    Any ideas besides rebuild the MBP?

    Ian

     

    I suspect I will have to delete all the entries in the keychains regarding the firewall address, regenerate the certificate and then re-install it.

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi folks,

    a good start to the day. I deleted all reference to the XG from the MBP keychain, quit Safari, cleared Safari history. Restarted Safari went through the insecure site connection process, logged into the XG, downloaded the pen certificate and changed all to trust and now Safari appears to be happy.

    A possible update to the KBA might be to advise clearing keychains for those failing authentication?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Cookie Information Banner