How does Sophos (or a firewall) determine that a certificate is invalid?

Hello everyone,

Recently, I have been experiencing some issues from having HTTPS scanning/decrypting active in the rules on my network.

For some reason, when I try to access some websites I get a Sophos block message saying that the certificate is invalid.

I thought that was related to the fact that the certificate didn't have an owner name, something like this:

Then I found another website with a similar certificate, but this time I didn't get any issue.

So, it's not really clear to me: what is the condition for saying that a certificate is invalid? How can I explain this behaviour to my boss?

I have the "Block invalid certificates" option enabled on the firewall, but I want to know what is happening before I decide to change something.

  • The only difference I see in the certificates is that one is TLS 1.2 and the other TLS 1.3, both Let's Encrypt.

    If you have configured the TLS scanning to allow only TLS 1.3, it might make sense that you're getting the message with the first one and not the second one. Also, you can see in Log Viewer the reason why it was blocked; you could post some screenshots of that.
