
Missing CA certs of public URLs in XGS appliance?

Hi all,

We have installed a new XGS firewall, and up to now we are trying to keep things safe and at a high security level. So we also check certificate errors. Today we got an error when accessing a site, which I don't understand. Sophos says the TLS cert is invalid. But if I look at the certificate, all is OK? How can I check with the XGS admin webif whether some HTTPS URL is OK? Is there some diagnostic tool?

Below is the entry in the log. "Invalid issuer" points me to the right CA not being installed? I don't want to whitelist any error. Would it be better to import the missing CA certs?

2021-12-14 09:05:12 SSL/TLS inspection messageid="19007" log_type="SSL" log_component="SSL" log_subtype="Reject and notify" severity="Information" user="noga@arcus.local" src_ip="xxxxxxx" dst_ip="xxxxxxxx" user_group="xxxxxxxxxxxx" src_country="R1" dst_country="ITA" src_port="53139" dst_port="443" app_name="" app_id="0" category="Travel" category_id="76" con_id="866141120" rule_id="2" profile_id="2" rule_name="xxxxxxxxxxxxx" profile_name="Block insecure SSL" bitmask="Invalid issuer" key_type="KEY_TYPE__RSA" key_param="RSA 2048 bits" fingerprint="1a:67:3e:05:a6:0e:a2:98:69:1f:1a:94:11:8b:e9:fa:05:d2:a6:2c" resumed="0" cert_chain_served="FALSE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" sni="server.matteothun.com" tls_version="TLS1.2" reason="Blocked due to invalid TLS certificate" exception="" message=""
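Added example, not part of the original post and not Sophos code: a small triage script that parses a log entry like the one above and separates two possible causes of "Invalid issuer". It assumes that `cert_chain_served="FALSE"` means the server sent only its leaf certificate without intermediates; the function names and cause labels are made up for this example.

```python
import re

# Log entry from the post above, shortened to the fields used here.
SAMPLE = (
    '2021-12-14 09:05:12SSL/TLS inspectionmessageid="19007" log_type="SSL" '
    'log_subtype="Reject and notify" profile_name="Block insecure SSL" '
    'bitmask="Invalid issuer" cert_chain_served="FALSE" '
    'sni="server.matteothun.com" tls_version="TLS1.2" '
    'reason="Blocked due to invalid TLS certificate" exception="" message=""'
)

# key="value" pairs; values may be empty, as in exception="".
PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_fields(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(PAIR.findall(line))


def triage(line):
    """Classify a rejected TLS connection from its log fields.

    Assumption (not stated on the page): cert_chain_served="FALSE" means
    the server presented no intermediate certificates.
    Returns None for lines that are not TLS inspection rejections.
    """
    f = parse_fields(line)
    if f.get("log_type") != "SSL" or "Reject" not in f.get("log_subtype", ""):
        return None
    invalid_issuer = "invalid issuer" in f.get("bitmask", "").lower()
    chain_served = f.get("cert_chain_served", "").upper() == "TRUE"
    if invalid_issuer and not chain_served:
        # The issuer could not be found because the server sent no chain:
        # look at the server's intermediates before touching the CA store.
        cause = "incomplete_chain_suspected"
    elif invalid_issuer:
        # A chain was sent but does not end at a CA the firewall trusts.
        cause = "untrusted_ca_suspected"
    else:
        cause = "other"
    return {"sni": f.get("sni"), "cause": cause,
            "fingerprint": f.get("fingerprint"), "reason": f.get("reason")}


if __name__ == "__main__":
    print(triage(SAMPLE))
```
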


