Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 40089 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best way to avoid certificate error?

alexxdavid
Hi Guys,

What is the best way to avoid Certificate error when using Web Filtering and accessing https website?

Currently using transparent mode (no authentication for windows and SSO for IOS) when SSO was activated for windows, I was also getting errors regarding passthrough.fw-notify.net.

Can this be fixed by uploading a public certificate? Shouldn't it resolve to the fqdn of the UTM instead?


This thread was automatically locked due to age.
Parents
  • 0
    You need to install the UTM as a Certificate Authority on your client devices.

    You can download the CA from WebAdmin, or from User Portal, or (I think) from https://passthrough.fw-notify.net/cacert.pem 

    Install it as a trusted certificate authority.  You need to do IE and FF separately.

    This is usually done via an AD GPO push.

    If there is already a self-signed certificate authority that you trust you can use that.

    You can also specify a certificate (self-signed or public) just for the passthrough.fw-notify.net, however it only applies to things from that site (block pages and such) and not to HTTP Scanning.

    You cannot use a public cert for HTTPS scanning.  You cannot purchase a public Certificate Authority (ability to certify other websites).
  • 0 in reply to Michael Dunn
    Thanks Michael,

    Is it normal for the certificate to have a Subject Alternative Name of 127.0.0.1?

    Do i need to do the same for webadmin for it to be trusted? (currently using external domain name)
Reply Children
No Data