Hello,
Recently we have been running in to issues where users are unable to access websites that were previously available to them. The error they are receiving is NET:ERR_CERT_AUTHROITY_INVALID. This started shortly after we upgrade from Chrome 58 to 63. We originally thought the jump in version was to blame, but after rolling back we are still having the same issue. The issue is also present in Internet Explorer. It seems to be flagging random websites such as Facebook, CNN, and other HTTPS enabled sites but it is totally random. Users are reporting the certificate issue in the morning but if they wait for a while it may or not load the page a few minutes later. The sites are not consistent either. Some users have never had the issue and others have it every day. The certificate it is pointing to is the Signing CA under Filtering Options > HTTPS CAs. We are not using decrypt and scan, however the browsers are using our Signing CA as the certificate for valid websites. When the pages finally load they show the proper certificate. We do use a proxy on all of our computers that go through the UTM.
At the request of Sophos tech support we downloaded the certificate from our UTM and pushed it to all users via GPO but that did not make a difference. It is my understanding that we should only need to do that if we are using decrypt and scan. He also has me restart the appliances in an attempt to get them to resynch. I enabled and disabled Decrypt and Scan hoping it might trigger something in the system to stop scanning. This has been going on for over a week and the support tech we are using has not been able to resolve the issue so I was hoping somebody here may have seen and corrected this issue before.
Thanks in advance,
Dustin
This thread was automatically locked due to age.
