Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 692 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using factory SSL certificate for DPI/Filtering

MHSWA

Hi All

I've been using my XG210 now for a few years, but I've always had random issues with DPI/Web Filtering, around 10% or more of the time I have users who will see the self signed certificate wanting when going to a site they shouldn't be on then have to hot proceed and I accept the risk before the sophos blocked page shows up, sometimes it will just show up without the warning

I've come to realise this might be due to the Appliance certificate used that is deployed across the network's hostname is not the IP or hostname of the firewall.....

How can I change this? All of the places I've read is not clear, I have SSL vpn and sophos connect setup so I don't want to mess around d with the user certificates at all if I can avoid it...

Is there a way to update the common name or can someone point me in the right direction to regenerate a certificate for filtering/portal use



This thread was automatically locked due to age.
Parents
  • 0

    Hello  ,

    Thank you for reaching out to the community, Under the Administration > Admin and user settings you'll be able to see the certificate used 

    And for web-filtering you can find it under the web > general settings:

    This certificates can be found under the following path:
    Appliance cert - Certificates > Certificates > ApplianceCertificate

    And for the SSL_CA it will be certificate > certificate authorities > SecurityAppliance_SSL_CA

    Ensure your default cert is filled in properly with all the details with the correct hostname and the common name matching with the hostname under the Administration > Admin and user settings as a best practice. 
    To Regenerate a CA - https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/CertificateAuthorities/CertificateAuthorityRegenerate/index.html
    Similarly you can also Regenerate appliance certificate.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Hello  ,

    Thank you for reaching out to the community, Under the Administration > Admin and user settings you'll be able to see the certificate used 

    And for web-filtering you can find it under the web > general settings:

    This certificates can be found under the following path:
    Appliance cert - Certificates > Certificates > ApplianceCertificate

    And for the SSL_CA it will be certificate > certificate authorities > SecurityAppliance_SSL_CA

    Ensure your default cert is filled in properly with all the details with the correct hostname and the common name matching with the hostname under the Administration > Admin and user settings as a best practice. 
    To Regenerate a CA - https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/CertificateAuthorities/CertificateAuthorityRegenerate/index.html
    Similarly you can also Regenerate appliance certificate.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML