Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 5274 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

unable to open support ticket - certificate expired

Toothpick
Hello,

I noticed the certificate for CA Globalsign used by the ASG has expired.
I would like to open a support ticket but sadly enough myastaro.com seems to be using a Globalsign certificate. Here is the web proxy error page:

Untrusted Website 

While trying to retrieve the URL:  https://my.astaro.com/supportCases.php (Add exception for this URL)
Status  certificate has expired
Subject  /2.5.4.15=Private Organization/serialNumber=02096520/1.3.6.1.4.1.311.60.2.1.3=GB/C=GB/ST=Oxfordshire/L=Abingdon/streetAddress=The Pentagon/O=Sophos Ltd./CN=www.sophos.com
Issuer  /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Extended Validation CA - G2
SHA1 Fingerprint  3D:8B[:D]3:64:BA:65:7E:2D:59:82:2E:06:60:A5:44:A4:68:6A:38:89
MD5 Fingerprint  69:78:C4:9D:9F:21:8B:70:0B:51:50:4C:44:EC:AF:1B
Valid from  Aug 29 10:37:05 2013 GMT
Valid until  Aug 1 13:45:02 2014 GMT


As you can see the actual certificate is valid, not that the ASG uses internally.
I experience the same behaviour for multiple Globalsign certified https sites.
I have no problem accessing those sites directly, browsers show the correct certificates.

I am using ASG Firmware version: 8.311
Pattern version: 56544

Thank you for your help.


This thread was automatically locked due to age.
Parents
  • 0
    Hello,

    first, this is not a problem only related to astaro support website. 
    Seems to me, that all websites, using a specific lobalsign cert have that problem. So just excluding some websites in not suitable and also not trustworthy, especially when you have that issue with the support website of your UTM provider!

    here is an other website, that is untrusted in ASG v8
    https://activetracing.dhl.com/
    (issued by Deutsche Post/CN=DPDHL TLS CA I3 that is certified by GlobalSign Trusted Root CA G2)
    and of course:
    https://myutm.sophos.com/
    (issued by GlobalSign Extended Validation CA - G2)

    But those are all active and have not expired. I cannot see the problem by now.
  • 0 in reply to Stelektro
    Toothpick, could you find a solution? I think some global sign certs on ASG8 have expired. Sad, that they are not centrally updated.
    (I see only the fingerprints):
    Fingerprint: 2F:17:3F:7D:E9:96:67:AF:A5:7A:F8:0A:A2[[[[:D]]]]1:B1:2F:AC:83:03:38
    Fingerprint: 0C:EE:B7:12:AE:36:10:4D:77:19:35:33:FD:F9:1F:15:B5:11:91:77
    Fingerprint: 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F[[[[:D]]]]D[[[[:D]]]]E:38:E4:B7:24:2E:FE


    Edit:
    this one has expired on 28.1.14: 2F:17:3F:7D:E9:96:67:AF:A5:7A:F8:0A:A2[[[[:D]]]]1:B1:2F:AC:83:03:38
Reply
  • 0 in reply to Stelektro
    Toothpick, could you find a solution? I think some global sign certs on ASG8 have expired. Sad, that they are not centrally updated.
    (I see only the fingerprints):
    Fingerprint: 2F:17:3F:7D:E9:96:67:AF:A5:7A:F8:0A:A2[[[[:D]]]]1:B1:2F:AC:83:03:38
    Fingerprint: 0C:EE:B7:12:AE:36:10:4D:77:19:35:33:FD:F9:1F:15:B5:11:91:77
    Fingerprint: 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F[[[[:D]]]]D[[[[:D]]]]E:38:E4:B7:24:2E:FE


    Edit:
    this one has expired on 28.1.14: 2F:17:3F:7D:E9:96:67:AF:A5:7A:F8:0A:A2[[[[:D]]]]1:B1:2F:AC:83:03:38
Children
  • 0 in reply to Stelektro
    Not resolved yet. Have been busy working on adding exceptions for the users of the affected https sites rather than working on the solution. I got as far as
    "Standard support contract holders should contact their local certified Sophos partner for first level technical support" which I just did.
    Other tracks are temporarily disable https checking or upgrade to v9.