Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 7140 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed to verify server certificate

stealthmatt_01
So I have some SSL sites that it receives an error when trying to authorise it for the user

Line 387: 2013:06:17-14:41:55 FEZI_SophosUTM httpproxy[17385]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.0.11" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo (General Profile)" filteraction=" ()" size="0" request="0x2e4edb60" url="164.53.234.193" exceptions="" error="Failed to verify server certificate"
Line 388: 2013:06:17-14:41:55 FEZI_SophosUTM httpproxy[17385]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.0.11" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo (General Profile)" filteraction=" ()" size="0" request="0x8a36920" url="63.140.54.227" exceptions="" error="Failed to verify server certificate"

The only way I can get around this is to add the Transparent mode skip list.

How do I fix this and stop this from denying regardless if it can't verify it?


This thread was automatically locked due to age.
  • 0
    So I have some SSL sites that it receives an error when trying to authorise it for the user

    Line 387: 2013:06:17-14:41:55 FEZI_SophosUTM httpproxy[17385]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.0.11" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo (General Profile)" filteraction=" ()" size="0" request="0x2e4edb60" url="https://164.53.234.193" exceptions="" error="Failed to verify server certificate"
    Line 388: 2013:06:17-14:41:55 FEZI_SophosUTM httpproxy[17385]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.0.11" dstip="" user="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo (General Profile)" filteraction=" ()" size="0" request="0x8a36920" url="https://63.140.54.227" exceptions="" error="Failed to verify server certificate"

    The only way I can get around this is to add the Transparent mode skip list.

    How do I fix this and stop this from denying regardless if it can't verify it?


    It seems that you will need to add SSL exceptions to the specific URL
  • 0
    I don't this problem with SSL Scanning enabled with AD-SSO (Standard, not Transparent) in V8.309, but I do have Exceptions for Finance/Banking - including SSL scanning and Certificate Trust Check.  I figure if they're categorized and not 'Suspicious' that they're trusted.

    I can confirm that the certs are mismatched:
    63.140.54.227 is infos.telstra.com
    164.53.234.193  is www.nab.com.au

    Cheers - Bob
  • 0
    I also get issues with Microsoft activations, I didn't have this issue before upgrading

    co2.sls.microsoft.com - 65.52.98.231

    Why is this happening and how do I simply allow this in the filtering? so I don't have to keep adding every ssl site that it doesn't like?

    The thing is too it doesn't resolve the name in the log its just says https://65.52.98.231 - I have tried adding it to the URL exception list for ssl checks for all of microsoft.com but it still doesnt work!

    Skipping: Authentication / Caching / Block by download size / Antivirus / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate Trust Check / Certificate Date Check
    Matching these URLs: ^https?://([A-Za-z0-9.-]*\.)?windowsupdate\.com/
    ^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/