Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Subscribers 29 subscribers
  • Views 6164 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG shows site access error of expired SSL certificate - when certificate is still valid

rfcat_vk

Hi folks,

the XG has suddenly decided that as valid certificate has expired.

I will create an exception for this site and hopefully someone can explain why this is happening?

Ian



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Martin Hampl

    Hi all,

    ok it works but now the question is: Why Sophos XG doesn't support USERTRust?

    A legacy browser or older device that does not have the modern “USERTRust” root would not trust it and so would look further up the chain to a root it does trust, the AddTrust External CA Root. A more modern browser would have the USERTrust root already installed and trust itwithout needing to rely on the older AddTrust root.

    Max.

     

  • 0 in reply to MassimoDalla Giustina

    Hej Max,

    IMHO it‘s not »Sophos not supporting UserTrust« but more a thing of older versions of OpenSSL not doing the multipath check correctly. Also GnuTLS has a bug which has been fixed some days ago. So this problem occurs more or less due to »broken« SSL libraries...

    Best regards,

    Andreas