Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 1763 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall Manager in firefox does not show as trusted despite uploading Cert with CA Chain

Krystin Dix

I have set up a trial of Sophos Firewall Manager so that I can log firewall changes centralized (I have ordered SFM to use this fully with my provider). I have two sites and the following XG Devices, 2x XG 210 (active/passive setup) and 1 x 125 in a remote site location with an IPsec VPN.

When adding a Cert and Private key to SFM I get this trusted in Chrome on a new computer/install. Firefox shows as untrusted due to the following error. Is there a way to change the Chain that SFM Presents to clients to have my intermediate CA shown?

Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false Certificate chain: 

-----BEGIN CERTIFICATE----- XXX My Cert -----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- MIIFOTCCBCGgAwIBAgIJALYx9Wdf6KSiMA0GCSqGSIb3DQEBCwUAMIHDMQswCQYD VQQGEwJBVTEaMBgGA1UECAwRV2VzdGVybiBBdXN0cmFsaWExDzANBgNVBAcMBkJy b29tZTEiMCAGA1UECgwZS2ltYmVybGV5IFBvcnRzIEF1dGhvcml0eTELMAkGA1UE CwwCT1UxIjAgBgNVBAMMGVNvcGhvc19DQV9NMDEwMDFHVkhCTUQzQkExMjAwBgkq hkiG9w0BCQEWI2ljdG9mZmljZXJAa2ltYmVybGV5cG9ydHMud2EuZ292LmF1MB4X DTE5MDcwNDAwMjA0NloXDTM2MTIzMTAwMjA0NlowgcMxCzAJBgNVBAYTAkFVMRow GAYDVQQIDBFXZXN0ZXJuIEF1c3RyYWxpYTEPMA0GA1UEBwwGQnJvb21lMSIwIAYD VQQKDBlLaW1iZXJsZXkgUG9ydHMgQXV0aG9yaXR5MQswCQYDVQQLDAJPVTEiMCAG A1UEAwwZU29waG9zX0NBX00wMTAwMUdWSEJNRDNCQTEyMDAGCSqGSIb3DQEJARYj aWN0b2ZmaWNlckBraW1iZXJsZXlwb3J0cy53YS5nb3YuYXUwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDaX9C0aRSEx910dIboyRcHzDsdoG5c+EVzyf6q MumGbBHc8FG4i/f8c4d3Kx7tKXoKTCuHQ1H52R/OEu2GzUyCWwvhMlEyJ3WjCHCd FqPB21CXmkWOhcDHbYEZwid+kVvcwVwdgk7uDcYSTZuQeq8vj/sGhOj4YjgW1l2L OgY1R2NuvutwwIZZTUbZzL2aYXFbcoqELBRoGk95v2Knyj4ZvwKA0z1oGXJUxB6B dxh2yhnw6TStXyRxOCxnCeyxOXg/eY9dyIxo06KrM7G7R0SrS4Hs2xtWdU97jA7M FvyWIWqCCsUFDke0oSJzGkmmGlBZZXBOmlBQbGiIdAeI31vpAgMBAAGjggEsMIIB KDAdBgNVHQ4EFgQUkg07/mf+poinvegjSRCOjAG6BggwgfgGA1UdIwSB8DCB7YAU kg07/mf+poinvegjSRCOjAG6BgihgcmkgcYwgcMxCzAJBgNVBAYTAkFVMRowGAYD VQQIDBFXZXN0ZXJuIEF1c3RyYWxpYTEPMA0GA1UEBwwGQnJvb21lMSIwIAYDVQQK DBlLaW1iZXJsZXkgUG9ydHMgQXV0aG9yaXR5MQswCQYDVQQLDAJPVTEiMCAGA1UE AwwZU29waG9zX0NBX00wMTAwMUdWSEJNRDNCQTEyMDAGCSqGSIb3DQEJARYjaWN0 b2ZmaWNlckBraW1iZXJsZXlwb3J0cy53YS5nb3YuYXWCCQC2MfVnX+ikojAMBgNV HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA7lEo7JX5jO2zMpin9sakbFQrI 8t5Ox1bQoJk5Q4aQPjkTvPwABI4pwTy95Fyc846MnAPgihxWG4icVvNoVlRXdxdC PAXZ4nNoqAD/Y8PTLqIpZtf334y2lCwjlW5bmuJr+BtMzwLLBk1FE8S1kfuLgf6d 5C+MCQPG5qV+4VjSc3jzNOMqHdCWUOvxE5S440lWf4agHPu9/hp4NU+yWwhPtt39 AHR9cW1tUPInIT+pXyHr1ZLS9B08emUO8+8ly+GSPMorQrN3H/biV4me2LBfWfMo vWJAApVyVEiySo0EWEOAlmVwYSgrKTtZSqO7yRibmBh/WCu8eiRnZsZheAZF -----END CERTIFICATE----- 



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Keyur

    Ok - so I have now resolved this by adding the Intermediate Certificate (Trustwave Organization Valadation) to the firefox Certificate store. This is despite adding the Intermediate as appart of the certificate when uploading to SFM.

     

    Is there a way to get SFM to pass out the Intermediate Certificate as well?

Children
No Data