Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 29 subscribers
  • Views 934 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Create SSL scanning certificate with macOS 10.15 (Catalina)

Jens Greiner

Hi, I am running a XG106 with (SFOS 18.0.1 MR-1-Build396). I am aware of the Catalina and iOS13 issues with certificates.

All the How-to's I found so far point creating a self-signed certificate with a Win server. I don't have such a Windows server, all we use are Apple devices (notebooks/iPads/iPhones) and a few Win 10 clients.

I tried already to follow that How-to but at the end the created and signed-on-the-MacBook certificate is not accepted by the XG. So far I wasted a lot of time getting this DPI feature up and running.

I would really appreciate if someone could give me a step by step procedure how to replace that default certificate not working on current Macs and Apple mobile devices with a working one.

It seems that issue was fixed already on SFOS 17.x, and I wonder why there is nothing for v18 yet.

Thank you very much,

Jens



This thread was automatically locked due to age.
Parents
  • 0

    Hi Jens,

    have you relied installing the default XG CA?

    Ian

  • 0 in reply to rfcat_vk

    Hi,

    I first tried to use the default XG CA in cooperation with a Sophos Partner consultant. But default certificate was not accepted due to new CA requirements by Apple.

    If this is, what you asked for.

    Thanks,

    Jens

  • 0 in reply to Jens Greiner

    Hi,

    correct. I don’t use vpns, but I do use the https decrypt and scan function on my Mac mini and my wife’s MBP. I also use the ca for smtp scanning.

    I have two certificates installed, one expires in 2036 and the other in 2021.

    ian

  • 0 in reply to rfcat_vk

    Hi Ian,

    are you using the default certificate since Catalina or did you set it up before you upgraded to Catalina?

    I ask because somewhere I read that installed certificates before Catalina continued to work, but when you try to install it after you upgraded to Catalina it won't work.

    I want to use it to decrypt and scan https and one day I will setup VPN too.

    This are the certificates installed so far:

    Certificates

    and CAs:

    Certificate Authorities

    I think, we tried with the one named "SecurityApplicance_SSL_CA". Should I try the one named "Default" instead?

    Thanks,

    Jens

Reply
  • 0 in reply to rfcat_vk

    Hi Ian,

    are you using the default certificate since Catalina or did you set it up before you upgraded to Catalina?

    I ask because somewhere I read that installed certificates before Catalina continued to work, but when you try to install it after you upgraded to Catalina it won't work.

    I want to use it to decrypt and scan https and one day I will setup VPN too.

    This are the certificates installed so far:

    Certificates

    and CAs:

    Certificate Authorities

    I think, we tried with the one named "SecurityApplicance_SSL_CA". Should I try the one named "Default" instead?

    Thanks,

    Jens

Children