SecurityAppliance_SSL_CA expired or not Valid

Hello,
I am new to the Sophos community.
I am starting with Sophos XG Firewall.
I have a Sophos XG86 that was working fine with an SSL VPN site-to-site connection in version 18.0.5MR5 to a remote site. I upgraded the remote site to SFOS 19.0.0.0 GA (Sophos XG 2100).
And since then, my Sophos XG86 does not want to establish the SSL tunnel.
I have an alert on the Dashboard: The following certificates, configured for SSL/TLS decryption, have expired, are not yet valid, have an incomplete approval chain or are not valid for other reasons: SecurityAppliance_SSL_CA.

After several searches, I tried to regenerate the certificate (menu Certificates/Certificates, ApplianceCertificate, click on 'regenerate certificate').
ApplianceCertificate | 2015-08-01 | 2037-01-01 | Loaded
but in administration/admin settings, I still have
HTTPS port of the administration console: 4444
HTTPS port of the user portal: 443
Certificate:
ApplianceCertificate The certificate of the management console has expired or is not yet valid

I don't know how to make this certificate valid!

Thanks in advance
Sincerely
Philippe



This thread was automatically locked due to age.
  • Hi,

    Thanks for your answer,

    I have already tried this manipulation.

    It tells me that the certificate has been regenerated successfully, but when I go to Administration/administrator settings/users/administrator console, in Certificate: Appliance Certificate: the certificate of the administration console, has expired or is not yet valid.

    Also in Site to Site VPN Settings/SSL VPN/General Settings/SSL Server Certificate: 'Appliance Certificate' the server certificate has expired or is not valid yet

    Thanks in advance

    Sincerely

    Philippe

    PhilB

  • The SecurityAppliance_SSL_CA is a Certificate Authority used for creating new certificates in SSL decryption.

    You are having problems with the Appliance Certificate. Go to Administration > Admin and User Settings and look at the Certificate selected there.
    You can go to Certificates > Certificates > ApplianceCertificate and click on the icon to regenerate it. However, what you probably really want to do is purchase a valid certificate from a public CA.

    I recommend you read
    community.sophos.com/.../https-decrypt-and-scan-faq

  • Hi Michael,
    Thanks for these explanations, but I had already tested this manipulation.
    I finally found my certificate problem. The message was:
    'ApplianceCertificate' the server certificate has expired or is not yet valid.
    In fact, it was the phrase 'is not yet valid' that put me on the trail of the problem.
    By looking at the Sophos time, I saw that the date was displayed in June 2005!
    So I resynchronized the Sophos with an NTP server (fr.pool.ntp.org), I then regenerated the appliance certificate and everything went back in order. The SSL tunnel was re-established correctly.
    I don't know how I got there though!
    Thanks again

    Sincerely
    PhilB
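
The check that resolved this thread, as an added example that is not part of the original posts or Sophos code: it reads validity dates in the `openssl x509 -noout -dates` output format and tells a genuinely expired certificate apart from a "not yet valid" one caused by a wrong system clock. The sample times, the June 2005 day and `CLOCK_FLOOR` are constructed assumptions; the two dates are the ApplianceCertificate dates quoted above.

```python
from datetime import datetime, timezone

# Constructed sample in the format printed by `openssl x509 -noout -dates`.
# The dates are the ApplianceCertificate dates quoted in the thread; times are assumed.
SAMPLE_DATES = """notBefore=Aug  1 00:00:00 2015 GMT
notAfter=Jan  1 00:00:00 2037 GMT"""

# Assumption: a date the device clock cannot legitimately predate
# (for example the firmware build date). Constructed value.
CLOCK_FLOOR = datetime(2022, 1, 1, tzinfo=timezone.utc)


def parse_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            parsed = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT")
            found[key] = parsed.replace(tzinfo=timezone.utc)
    if len(found) != 2:
        raise ValueError("expected notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]


def diagnose(not_before, not_after, now, clock_floor=CLOCK_FLOOR):
    """Classify the validity state and flag a clock that is implausibly early."""
    if now < not_before:
        status = "not_yet_valid"
    elif now > not_after:
        status = "expired"
    else:
        status = "valid"
    return {
        "status": status,
        # A clock before the floor is wrong whatever the certificate says.
        "clock_suspect": now < clock_floor,
        # Days the clock would have to advance before the certificate is valid.
        "skew_days": max((not_before - now).days, 0),
    }


if __name__ == "__main__":
    nb, na = parse_dates(SAMPLE_DATES)
    # Device clock as described in the thread: June 2005 (day is constructed).
    print(diagnose(nb, na, datetime(2005, 6, 15, tzinfo=timezone.utc)))
```

When `clock_suspect` is true, correct the time source first; regenerating the certificate before that leaves the same validity error in place.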
