Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 10562 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security Certs issues just started

nicholasbooth

I have Https scanning and it has been working fine for a number of weeks. I also placed an email Business App policy in place and had it scan all emails. Everything was fine, despite a few issues when Outlook would fail to download emails for the first 2 times and then would work.

This morning, when I opened Outlook I got an Internet Security Warning saying the signature of the certificate cannot be verified ( I get this now for all three email domains I collect my email from ) If I view the certificate it is using for one it says it was issued to pop3.virginmedia.com by Sophos SSL CA_ (my Sophos XG device)  and does similar for the other 2 domains.

First question is why has this just started as nothing has changed on my PC or Sophos, 2 when I installed this cert and the other 2, my emails worked, my Https scanning stopped and could no longer get the secure web pages. SSL pages would then come through with their own SSL certs rather than the Sophos.

In the end I removed all the certs from my PC, downloaded the main SSL CA cert from my device and https scanning and Secure pages worked again. however, I still get this message on my emails.

Any ideas please, the whole SSL thing is driving me nuts and the fact it was working and has now stopped is quite annoying

Nick



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to sachingurung

    no, it is set to the Sophos device and was working like this. I connect to 3 different Internet email providers so not sure what you could put in there to validate all three.

  • 0 in reply to nicholasbooth

    Maybe I should ask another question instead. What rules would you put in place to allow email scanning when no email server is on your network. All clients use Outlook. Does the business app rule for email work in this case. It seems to scan incoming and tag them as being spam or possible spam. it just the current issue of security certs thats baffling me as to why it has started to suggest I need to install new certs

  • 0 in reply to sachingurung

    ok, found the certificate cause, option to allow invalid security cert was ticked under POP and IMAP TLS section. not sure how this has changed or what could have cause the appliance to start issuing its own certs.

    Also, the first email address it checked still fails first time. 4 email addresses, the first hangs, the 2nd, 3rd, and 4th go through fine, I click send and receive again and the failed one works without issue. This is for POP receive only, SMTP goes through on this account first time without issue.

    Any ideas as I am not sure where to start looking to try and resolve this?

  • 0 in reply to nicholasbooth

    Hi Nicholas,

    I think Outlook is not facing trouble to fetch the email from server using POP3, did you find any suspicious logs for POP3 when you do not receive an email. Please check the logs by navigating through options Settings>Diagnostics>Log Viewer>POP3.

    Thanks