
Change URL for Sandstorm Redirect Page?

Currently using 17.0.2 MR-2.

Not sure if I'm looking in the right spot but I'd like to change the Sandstorm Job Analysis URL so it uses the firewall's FQDN rather than the IP address.

The URL as it is throws a not secure warning in the browser. Easy to work around by adding the IP to subjectAlternateName if the certificate is self-generated, but not possible if you're using a public CA.

Can this be done, or do I need to lodge a bug/feature request?



  • The applicable Sophos Idea for this now implements FQDN support, but for me it's still inoperable as the certificate I select for Captive Portal is ignored and it defaults to the ApplianceCertificate certificate. This may be due to the fact that the XG units I have have been successively upgraded from v15 and there's a legacy setting/configuration that's preventing this from working correctly.

    The workaround for my own unit was to replace the ApplianceCertificate certificate with one that includes a subjectAlternateName of the FQDN I'm using, along with the existing identifiers used, and sign it with the XG's default CA, and added to my local PCs' certificate store.

    EDIT: With the saint-like patience of Michael Dunn, I was able to work out that my Captive Portal certificate binding issue was due to the fact that PFX Import - while helpfully reporting that it imported the certificate chain correctly - would result in awarrenhttp not being able to find the Root CA from the Intermediate CA and would silently roll back to using the ApplianceCertificate certificate. Once I imported the Root CA, Intermediate CA and leaf certificates separately as PEMs it worked correctly.
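
To see which certificates a PFX really carries, and to produce the separate Root CA, Intermediate CA and leaf PEMs described in the edit above, a check along these lines can be run with the OpenSSL CLI before importing. This is an added example, not part of the original post or of Sophos tooling; the FQDN, password, file names and the demo CA chain it builds are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: every name, address and password here is a constructed placeholder.
set -eu
FQDN=fw.example.test   # assumed firewall FQDN
PASS=demo-only         # assumed PFX password (demo only)

# Issue a certificate from a CSR: $1=name $2=subject $3=extension line $4=signer name
issue() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
  printf '%s\n' "$3" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -CAcreateserial \
    -extfile "$1.ext" -days 30 -out "$1.pem" 2>/dev/null
}

# Build a constructed root -> intermediate -> leaf chain and bundle it as a PFX ($1).
make_demo_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
    -subj "/CN=Demo Root CA" -days 30 2>/dev/null
  issue int "/CN=Demo Intermediate CA" "basicConstraints=critical,CA:TRUE" root
  issue leaf "/CN=$FQDN" "subjectAltName=DNS:$FQDN,IP:192.0.2.1" int
  cat int.pem root.pem > chain.pem
  openssl pkcs12 -export -inkey leaf.key -in leaf.pem -certfile chain.pem \
    -out "$1" -passout "pass:$PASS"
}

# Split a PFX into leaf.out.pem plus one file per CA certificate (ca1.pem, ca2.pem, ...).
split_pfx() {
  rm -f ca[0-9]*.pem
  openssl pkcs12 -in "$1" -passin "pass:$PASS" -clcerts -nokeys -out leaf.out.pem
  openssl pkcs12 -in "$1" -passin "pass:$PASS" -cacerts -nokeys |
    awk '/BEGIN CERT/{n++; p=1} p{print > ("ca" n ".pem")} /END CERT/{p=0}'
}

# Sort CA files into root (self-issued) and intermediates, then verify chain and SAN.
check_chain() {
  rm -f root.out.pem; : > inter.out.pem
  for f in ca[0-9]*.pem; do
    if [ "$(openssl x509 -in "$f" -noout -subject_hash)" = \
         "$(openssl x509 -in "$f" -noout -issuer_hash)" ]; then cp "$f" root.out.pem
    else cat "$f" >> inter.out.pem; fi
  done
  openssl verify -CAfile root.out.pem -untrusted inter.out.pem leaf.out.pem \
    >/dev/null 2>&1 || return 1
  openssl x509 -in leaf.out.pem -noout -checkhost "$FQDN" | grep -q "does match"
}

cd "$(mktemp -d)"
make_demo_pfx bundle.pfx && split_pfx bundle.pfx && check_chain && echo "chain OK for $FQDN"
```

`check_chain` returns non-zero when the bundle holds no self-issued root or when the leaf's SAN does not cover the FQDN, which makes an incomplete PFX visible before it is imported.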
