Issue with Mail protection and Microsoft Exchange self-signed certificate.

We're using XGS126 (SFOS 19.0.0) with an active Mail protection subscription, and our mails are hosted on an on-premises Exchange server.

We had an issue where we got an error message because Sophos couldn't verify the certificate for our internal mail server, and mails kept bouncing. When we added this cert to Sophos, it showed up as untrusted because there was no CA for it, as it is self-signed. We skipped TLS negotiation with the server and now everything seems to be working fine, but I still want to do everything "by the book".

Is there any advice on how to add this self-signed certificate to Sophos so that it would also show up as a CA and be trusted?

I guess there should be an answer for it, as Microsoft recommends using a self-signed certificate for Exchange server.



This thread was automatically locked due to age.
  • Hi @Kārlis Eniks. To make it trusted, the certificate chain should get validated by the firewall when that cert is added on the XG, i.e. the issuer of that certificate, which is the external or local certificate authority from which that cert has been signed (including any intermediate CAs, if those are also in the validation chain), is also required to be added on the firewall under the "Certificate authority" tab in the XG UI.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

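The issuer check the reply describes can be done with `openssl` before uploading anything; the following is an added example, not part of the original thread. It reports whether a certificate is its own issuer or names the issuing CA, and confirms that a candidate CA file validates the certificate. The file names, host name and CA name are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. All names below are constructed.

# Print "self-signed" if the certificate is its own issuer (subject == issuer
# and the signature verifies with its own key); otherwise print the issuer DN,
# i.e. the CA certificate that has to be obtained and imported.
classify_cert() {
    local cert="$1" subject issuer
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ] && openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "self-signed"
    else
        echo "issued-by: $issuer"
    fi
}

# Return 0 if certificate $2 validates when CA file $1 is trusted.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build constructed demo certificates in directory $1.
make_demo_certs() {
    local d="$1"
    # Self-signed certificate standing in for the mail server's own certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.internal" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    # A private CA plus a server certificate signed by it, for comparison.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Internal CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.internal" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
echo "self.pem: $(classify_cert "$demo_dir/self.pem")"
echo "leaf.pem: $(classify_cert "$demo_dir/leaf.pem")"
chain_ok "$demo_dir/ca.pem" "$demo_dir/leaf.pem" && echo "leaf.pem validates once ca.pem is trusted"
chain_ok "$demo_dir/self.pem" "$demo_dir/leaf.pem" || echo "leaf.pem does not validate against an unrelated certificate"
```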
