Sophos Firewall: Purging expired certs from Sophos Firewall

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Hello Community,

Thank you to Rico for his contribution.

This issue is related to NC-100265: an expired certificate in the cert cache is used instead of a new one being generated.

The certificate cache (/var/certcache or /sdisk/certcache) contains the certificates that awarrenhttp creates when a website is visited for the first time with HTTPS Decryption. However, awarrenhttp might sometimes keep using the same certificate after it has expired, which causes the browser to complain about an expired certificate.
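To confirm that the cache holds expired certificates before clearing it, the following added example (not Sophos code and not part of the original article) lists them with openssl. It assumes that openssl is available in the shell and that the cached files are X.509 certificates it can read as PEM; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not Sophos code. Assumption: the cache holds X.509
# certificates that openssl can parse as PEM; anything else is skipped.

# list_certs_expiring_within DIR [SECONDS]
# Prints "path<TAB>notAfter" for every certificate under DIR whose
# notAfter falls within SECONDS from now (default 0 = already expired).
list_certs_expiring_within() {
    dir=$1
    window=${2:-0}
    find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
        # Skip files that are not certificates (keys, marker files, ...).
        openssl x509 -in "$f" -noout </dev/null 2>/dev/null || continue
        # -checkend exits non-zero when the certificate expires in the window.
        if ! openssl x509 -in "$f" -noout -checkend "$window" \
                </dev/null >/dev/null 2>&1; then
            end=$(openssl x509 -in "$f" -noout -enddate </dev/null | cut -d= -f2)
            printf '%s\t%s\n' "$f" "$end"
        fi
    done
}

# count_certs_expiring_within DIR [SECONDS]
# Number of certificates reported by list_certs_expiring_within.
count_certs_expiring_within() {
    list_certs_expiring_within "$1" "${2:-0}" | wc -l | tr -d ' '
}

# Default run: report certificates in the cache that have already expired.
# CERT_DIR is a hypothetical override for pointing at /sdisk/certcache.
list_certs_expiring_within "${CERT_DIR:-/var/certcache}" 0
```

An empty result means openssl found no expired certificate in the directory. It does not rule out a cache layout that differs from the PEM assumption above.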

Workaround:

touch /var/certcache/.clear_all_certs_on_reload
service -ds nosync awarrenhttp:restart


Note: All in-progress web traffic will be interrupted for a minute as the service restarts. Non-web traffic won't be affected.

This is fixed in version 19.0 MR2.




Updated Disclaimer
[edited by: Erick Jan at 9:40 AM (GMT -7) on 17 Apr 2023]