Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 665 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG web proxy modifies certificate start and end date

LHerzog

Hello,

is it expected bahaviour that the XG is adding several months to the certificate of a website when doing HTTPS decrpytion and inspection?

We noticed this today and were confused.

If this is "works as designed" - What is the purpose of doing that?

example:

www.heise.de

Public Cert end date is 11.6.2022, 01:59:59 as seen on the screenshot. Also note the start date.

If i open the website through XG web proxy, the cert end date is

19.4.2023, 23:20:17 and not 11.6.2022, 01:59:59

Also the start date is modified.



This thread was automatically locked due to age.
Parents Reply
  • +1 in reply to LHerzog

    We simply generate a new certificate per website and this should have a decent amout of time. 

    The DPI Engine will copy/paste the values of the original certificate. The Proxy is not doing this, because there is no need.

    My cert for heise is expiring on 11.06.22 (Signed by my XG). 

Children