Sophos XG HTTPS Scanning Certificates

Hi,

I have configured HTTPS decryption and scanning but when I look at the certificate on a website it shows short validity periods, roughly 3 months. Is this normal?

To clarify, the certificate shown is the one issued by the firewall, but it's only showing as valid for roughly 3 months in the browser, but many years when looking at it under MMC on the client PCs.

Kind regards, Mike



  • XG uses the CA, which you deployed to the Clients, to generate a Certificate. This certificate will be short, to cover the requirements by Apple. XG does not create a new Certificate per OS, instead using the same certificate across all clients. 

    Before this Cert expires, XG uses the CA to create a new cert for your page. As far as I can remember, a reboot will also clear the certificate cache.

    Overall, it should not cause any issue at all. You need to redeploy in 2036.

  • Thanks.

    I did do a reboot but it didn't clear the cache, and I can't see anything in /var/certcache either, but if the certificate validity is changing for different websites then it must be working. Hopefully it will renew on 9 March, otherwise I'll have some upset users lol

    Thanks for your help, much appreciated!
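
The arrangement described in the first reply (a long-lived signing CA deployed to clients, with short-lived per-site certificates issued from it) can be reproduced and checked with openssl. This is an added example, not part of the thread and not Sophos code; the CA name, the hostname and the 3650-day and 90-day lifetimes are constructed for illustration.

```bash
#!/bin/sh
# Added example with constructed certificates; not Sophos XG's own CA or settings.

# Build a 10-year signing CA and a 90-day leaf issued by it, in directory $1.
make_demo_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Demo Inspection CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -out "$1/leaf.pem" 2>/dev/null
}

# Succeeds if the certificate in file $1 is still valid $2 days from now.
valid_in_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Succeeds if leaf $1 names the subject of CA $2 as its issuer.
issued_by() {
  leaf_issuer=$(openssl x509 -in "$1" -noout -issuer)
  ca_subject=$(openssl x509 -in "$2" -noout -subject)
  [ "${leaf_issuer#issuer=}" = "${ca_subject#subject=}" ]
}

demo_dir=$(mktemp -d)
make_demo_chain "$demo_dir"

# The CA (what MMC shows in the trust store) runs for years ...
openssl x509 -in "$demo_dir/ca.pem" -noout -subject -dates
# ... while the leaf (what the browser shows for the site) runs for 90 days.
openssl x509 -in "$demo_dir/leaf.pem" -noout -subject -issuer -dates

# Renewal check: warn if the leaf will expire within 14 days.
valid_in_days "$demo_dir/leaf.pem" 14 || echo "leaf expires within 14 days"

# Against a real site behind the firewall (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null \
#     | openssl x509 -noout -issuer -dates
```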