This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Chained/intermediate certificates

Hi there

I found several threads that deal with the question of whether or not the ASG supports intermediate certificates. I even found a feature request with a note, that this was planned for implementation in 8.200. But it was never mentioned in the release notes so I'm wondering whether this was actually implemented in 8.200/8.201 or not?

Anyone of you successfully managed to use an intermediate certificate with 8.20x?
We're getting complaints of our customers because the chain is broken even though we installed the certificates (with intermediate CA) the same way we did on our web- and mailservers. But then, we're still on 8.103...

Cheers and thanks,
Manuel

This thread was automatically locked due to age.

0 Scott_Klassen over 13 years ago

I've not tried it personally, but have been told that this does now work in 8.2x (https://community.sophos.com/products/unified-threat-management/astaroorg/f/57/t/49982). I would suggest that you wait a little bit longer on 8.103 though until the 8.202 up2date is released.
Cancel
Vote Up 0 Vote Down

Cancel
0 gartoffel over 13 years ago in reply to Scott_Klassen

Hi Scott

Thanks for your message.
I've not tried it personally, but have been told that this does now work in 8.2x (https://community.sophos.com/products/unified-threat-management/astaroorg/f/57/t/49982).

Yes I read that, but I'd like confirmation of a 8.20x user that it really works.

I would suggest that you wait a little bit longer on 8.103 though until the 8.202 up2date is released.

That's for sure. I'll at least wait until 8.202 or 8.203 until I update the units. And of course, I'll read what other users in the forum think of these releases before I'll give it a try.
In the near future, our company will have to think about getting two test-ASGs.

Cheers and have a good one
Manuel
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 13 years ago

In the near future, our company will have to think about getting two test-ASGs
Install the software ISO into a VM. Nothing fancy and inexpensive. [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 gartoffel over 13 years ago in reply to Scott_Klassen

Install the software ISO into a VM. Nothing fancy and inexpensive. [:)]

I don't like the idea of not having the same hardware. There's always a chance a problem is related to the unit. Take link aggregation for example: This is depending a lot on the hardware you use (mii_mon, use_carrier, ...).
But maybe I'll give it a try. Right now I'll just wait for 8.203 [;)]

Cheers and good night
Manuel
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 13 years ago

Gute nacht.
Cancel
Vote Up 0 Vote Down

Cancel
0 gartoffel over 13 years ago

I have bad news: Intermediate certificates in WebAdmin are not supported yet.
Looking at the fact, that more and more CAs use intermediate certificates, I think that this should be fixed as soon as possible.
We never had a problem with our certificate chain in the past on apache webservers so this shouldn't be too hard to achieve.

This post will hopefully save someone else several hours of debugging. It's not your fault, it's the ASGs! [;)]

Cheers,
Manuel
Cancel
Vote Up 0 Vote Down

Cancel