Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 23469 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

* Certs and Web Appliance

Jason_D

Does the web appliance work with * certs?  It seems that every time I see an organization with a cert issued to *.company.com, the web appliance does not allow access to the page until I add that site to the bypass list for SSL.  It says that the site certificate is not valid although I cannot find any problems with it.  Am I doing something wrong?

Here's an example site:

https://www.ctspurchasing.com/

Jason

:3428


This thread was automatically locked due to age.
Parents
  • 0

    Ok, so it's not that the appliance didn't like the Star cert, it's that it didn't like the root authority that issued it?

    If I may make a suggestion for usability, could there be some way for the appliance to call that out at some point?  Like when you put the site name in and click "download" on the cert on the "Certificate Validation" page, maybe some big red letters near "Issued by" that say "Not trusted".  Heck, make it even easier with a "Trust" button next to the big red warning?  :smileyhappy:

    I'll check that now, but I just assumed the appliance started with approximately the same root trusts as my web browser so I wasn't looking at the issuing authority - just the dates and that the issued to matched the site name.

    Thanks

    Jason

    :3445
Reply
  • 0

    Ok, so it's not that the appliance didn't like the Star cert, it's that it didn't like the root authority that issued it?

    If I may make a suggestion for usability, could there be some way for the appliance to call that out at some point?  Like when you put the site name in and click "download" on the cert on the "Certificate Validation" page, maybe some big red letters near "Issued by" that say "Not trusted".  Heck, make it even easier with a "Trust" button next to the big red warning?  :smileyhappy:

    I'll check that now, but I just assumed the appliance started with approximately the same root trusts as my web browser so I wasn't looking at the issuing authority - just the dates and that the issued to matched the site name.

    Thanks

    Jason

    :3445
Children
No Data