Hi,
I have configured HTTPS decryption and scanning but when I look at the certificate on a website it shows short validity periods, roughly 3 months. Is this normal?
To clarify, the certificate shown is the one issued by the firewall, but it's only showing as valid for roughly 3 months in the browser, but many years when looking at it under MMC on the client PCs.
Kind regards, Mike
XG uses the CA, which you deployed to the Clients, to generate a Certificate. This certificate will be short, to cover the requirements by Apple. XG does not create a new Certificate per OS, instead using the same certificate across all clients.
Before this Cert expires, XG uses the CA to create a new cert for your page. As far as i can remember, also a reboot will clear the certificate cache.
Overall, it should not cause any issue at all. You need to re deploy on 2036.
Hi ,
Thanks for coming back to me.
I have attached 4 screenshots, one of which shows the SSL_CA from my XG appliance that has been trusted by my macbook, and the other 3 as below (issued by SSL_CA from appliance):
- expiring 9 March 2021
- expiring 19 March 2021
- expiring 12 February 2021
I have double checked another couple of client devices and they get the same. Is this normal or have I configured something wrong? This is my first Sophos XG device, and it's not in production yet, so there is time to get it right (phew).
Kind regards,
Michael
