Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 1415 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to remove the certificate errors for webadmin and captive portal authentication pages

TobLai

I have followed closely step by step on this KB.

https://support.sophos.com/support/s/article/KB-000036904?language=en_U

I still cannot get rid of the Not secure warning by the browser. Am I missing something here?

Ot do I need to buy my own CA Certificate?



This thread was automatically locked due to age.
  • FormerMember
    +1 FormerMember

    Hi , Thanks for reaching out to Sophos Community.

    What did you set as the 'Common Name' while creating the self-signed certificate and how do you access the firewall? Via IP address or by any fqdn? 

  • 0 in reply to FormerMember

    Common Name I typed in the IP Address and then in the Advanced settings for Certificate ID, I use IP address .

  • FormerMember
    0 FormerMember in reply to TobLai

    Did you install the CA in the local machine? Also, Check the certificate presented by the WebGUI from that Local Icon before the URL.

    If possible, share the snapshots of the browser certificate and your self-signed certificate configuration

  • 0

    By default in XG, when the web proxy redirects a user to the firewall it uses the IP of the firewall which cannot be covered by a certificate. To redirect to the hostname instead, see the following:

    Sophos XG Firewall: Use hostname for page redirects


    In XG 17.5, the hostname used in redirection settings can be found at Administration > Admin Settings.

    It is possible to configure the captive portal to be displayed in HTTP rather than HTTPS and therefore not require a certificate. However, this is not recommended because passwords would be sent across the network unencrypted.