Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 2 subscribers
  • Views 2077 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Webfilter / http proxy hangs with error "failed to read SSL certificate"

dengler
While activating the Webfilter via Web Security -> HTTP/S I get these errors in Livelog: 

2009:06:20-14:04:30 mail httpproxy[9664]: Integrated HTTP-Proxy (c) 2007-2008 Astaro AG

2009:06:20-14:04:30 mail httpproxy[9664]: [ (nil)] main (httpproxy.c:173) reading configuration

2009:06:20-14:04:30 mail httpproxy[9664]: [ (nil)] confd_config_filter (confd-client.c:1817) failed to read SSL certificate

2009:06:20-14:04:31 mail httpproxy[9664]: [ (nil)] main (httpproxy.c:178) error reading config, exiting



If I click on Web Security -> HTTP/S -> HTTPS-CAs this error message appears: 

Information:

Can't use string ("0") as a HASH ref while "strict refs" in use at /PerlApp/wfe/asg/modules/asg_http.pm line 1379.



Sidesteps:
- It is a fresh installed ASG 120, License is ok
- Firmware-Version: 7.403
- I tried to Re-generate WebAdmin Certificate with Management -> WebAdmin Settings -> HTTPS Certificate, nothing happens

Could anybody help me?

Sascha


This thread was automatically locked due to age.
  • 0
    I think the WebAdmin cert is different.  Did you try to regen the Signing CA on the 'HTTPS CAs' tab?

    Is this a unit that you load with a USB CDROM?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    1. I'm switching to "Management -> WebAdmin Settings -> HTTPS Certificate -> Re-generate WebAdmin certificate", enter the System DNS Hostname, then clicking on Apply - nothing happens. Did you mean this switch?
    2. No - the unit is just a box without CDROM. The software was preinstalled, fresh out of the box.

    Thanks, Sascha
  • 0 in reply to dengler
    1. No, not that one.  'Web Security >> HTTP/S' 'HTTPS CAs' tab.

    One of the problems that people cause themselves is giving the ASG the wrong hostname.  The best practice is to give it the public FQDN that resolves to its external IP.  For clients who use the SMTP Proxy, we normally use a hostname of mail.domainname.com.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Ok, while activating http proxy and clicking on HTTPS CAs I get the following error message: 
    Information:

    Can't use string ("0") as a HASH ref while "strict refs" in use at /PerlApp/wfe/asg/modules/asg_http.pm line 1379.


    Thanx,
    Sascha
  • 0 in reply to dengler
    Can you show a screencap of that?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to dengler
    It looks like a gremlin climbed into that box before they shipped it to you!  I suspect there was a problem in imaging the hard drive, but since this is a new unit, that's a judgement I'd rather leave to your reseller or Astaro: https://www.astaro.com/license/open_support_case.

    If you don't already have a MyAstaro account, it's  free to register for one.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thanks for your help Bob - I will do that.

    Sascha
Cookie Information Banner