Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 23467 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

* Certs and Web Appliance

Jason_D

Does the web appliance work with * certs?  It seems that every time I see an organization with a cert issued to *.company.com, the web appliance does not allow access to the page until I add that site to the bypass list for SSL.  It says that the site certificate is not valid although I cannot find any problems with it.  Am I doing something wrong?

Here's an example site:

https://www.ctspurchasing.com/

Jason

:3428


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    When you say 'not trusted', do you mean that the browser gives you a certificate error?

    If you're using HTTPS scanning the cert of the website will be replaced with a certificate generated by the Web Appliance.  So, aslong as the browser trusts the web appliance as a root authority it should work fine.  See this KBA:

    http://www.sophos.com/en-us/support/knowledgebase/42153.aspx

    On the other hand, if you don't use HTTPS scanning, the certificate won't be replaced at all.  Whether the certificate is trusted or not will depend on the browser (eg. maybe one of the browsers doesn't have the intermediate installed?).

    You can usually view the certificate in your browser to get more information about who issued it and why the browser is complaining.

    -Tom.

    :27635
Reply
  • 0

    Hi,

    When you say 'not trusted', do you mean that the browser gives you a certificate error?

    If you're using HTTPS scanning the cert of the website will be replaced with a certificate generated by the Web Appliance.  So, aslong as the browser trusts the web appliance as a root authority it should work fine.  See this KBA:

    http://www.sophos.com/en-us/support/knowledgebase/42153.aspx

    On the other hand, if you don't use HTTPS scanning, the certificate won't be replaced at all.  Whether the certificate is trusted or not will depend on the browser (eg. maybe one of the browsers doesn't have the intermediate installed?).

    You can usually view the certificate in your browser to get more information about who issued it and why the browser is complaining.

    -Tom.

    :27635
Children
No Data