Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 30 subscribers
  • Views 1171 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS V19 Web Certificates and browser warning pages

ADJ

Hello,

Starting to get a bit frustrated with the Sophos web certificates - think I am going around in circles.

I have both the Default Appliance certificate and the Security SSL Certificate installed into the Trusted Certificates store on a Windows 10 Pro Laptop via management console.

Firewall rule is configured to use DPI engine for web filtering with a web filtering policy.

Every time I test the web filtering, Google Chrome always shows the "page not secure" warning with the URL showing the IP address of my Sophos Firewall.

What am I doing wrong?

I remember reading something about using FQDN instead of IP addresses - but I not fully sure if that resolves my issue? Would that have something to do with the Default Appliance certificate?

What do I need to configure to ensure that the Sophos Web Filtering Block page is displayed first time round when using the DPI-SSL web filtering?

Thanks.



This thread was automatically locked due to age.
  • 0

    If you check the certificate in the browser, is it your CA in your Firewall? If so, the import to the client CA Store did not work and you should redo it. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    An observation for what it is worth. My w10 Pro fully upto date, IE recognises and uses the XG CA, edge does not.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to LuCar Toni

    Hello,

    When viewing the certificate in the browser - it shows it as the Appliance issued by the Default certificate.

    The status message for both certificates are "Certificate is OK".

    The only thing that I am thinking of is something to do with FQDN and host redirects - but I don't know where to configure that so that the certificate relates to the host name of the Firewall instead of the IP address.

  • 0

    Ok - this is odd now, despite that CA (default and security) certs installed in the Trusted store in the Win10 device, Google Chrome is now showing any HTTPS page as "not secure". Yet in the dialogue box, when viewing the certificate, it says that the "Certificate is OK".

    It seems that Chrome has updated and now doesn't recognise the certificates installed, and now shows any HTTPS page as "not secure".

    Any suggested workaround? I cannot use a different browser - only Chrome.

  • 0 in reply to ADJ

    Did you fix the issue? how?

    What is the security cert you mention? I have only uploaded the on I got from here

Unfiltered HTML