Validate Server Certificate

Question

Hey guys, reaching out for some much-needed help. Have read similar posts but nothing makes sense to me in them. 
 I have purchased a certificate as well as created a local active directory certificate server. (All Witchcraft to me) 
 Have installed them on the sophos XG firewall under Certificates. All working well it appears. 
 I go to: 
 Configure -> Authentication -> Servers and set up my SSL/TLS connection to active directory. 
 Select Test Connection and all is good.

However, when I select Validate server Certificate I get: 
 
 What is the firewall doing here, which server is down or unreachable? Is it my Root CA server that is in active directory? Or is it the domain controller? (CA is install on a Domain Member, not on the domain controller) 
 Note: Firewalls are not active on the Windows Domain Controller and Domain Members. 
 All active directory servers and workstation are on the local network. I don't think I am restricting anything on the local network. Or is there a predefined rule that does? 
 What am I missing here? Any advice would be greatly appreciated. 
 Thankyou.

Vivek Jagad · Accepted Answer

What is the common name under the default certificate ? [Path: Certificates > Certificate authorities > Default?] And the hostname ? [Path: Administration > Admin and user settings > Hostname]

Christopher Kurdian · Answer

Appreciate all your help Vivek, Rooky mistake on my part. I thought "Server name:*" was the Common Name and Server IP / domain* was the IP address of the Active Directory Server I was authenticating to. What you should have: Server name:* Server IP / domain* Unfortunately, I didn't have the IP address as an alternative name in the certificate I see, if I had the IP as an alternative name it would have worked I would think. Big shout out and thank you to Ross for pointing this out.

Vivek Jagad · Answer

Hello Christopher Kurdian ,

Thank you for reaching out to the community, please refer the following article - Sophos Firewall: A Quick Guide for LDAPS/AD Integration With Windows Server 2022/2019/2012…

Vivek Jagad · Answer

Hey Christopher Kurdian , If you turn this option " Validate server certificate" on, you must upload the AD server certificate to the firewall on Certificates > Certificates > Add > Upload certificate . If you don't upload it, the connection to the AD server fails.

Validate Server Certificate

Top Replies