* Certs and Web Appliance

Does the web appliance work with * certs?  It seems that every time I see an organization with a cert issued to *.company.com, the web appliance does not allow access to the page until I add that site to the bypass list for SSL.  It says that the site certificate is not valid although I cannot find any problems with it.  Am I doing something wrong?

Here's an example site:

https://www.ctspurchasing.com/

Jason

  • When a root certificate authority (CA) is known to the system, we trust the certificates used by secured sites that are signed by that root CA.

    However, when intermediate CAs are involved, we want to be able to validate them as well, because we do not know whether or not these intermediate CAs can be trusted. Often, the intermediate CAs are not the same company as the root CA. If you have a longer chain (root signs inter1, inter1 signs inter2, inter2 signs the end certificate), then the potential risk increases.

    So to be cautious about it, we require the intermediate CAs to validate the certificates used by secured sites (if they are signed by a chain).

    If you find us missing intermediate CAs, then please contact us in the Administration Web Interface > Help > Sophos Support. We will gladly investigate and include legitimate intermediate CAs in our system. Thank you.

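The chain described in the reply above (root signs an intermediate, the intermediate signs the site certificate), as an added example that is not part of the original thread and is not Sophos code. It uses the OpenSSL command line as a stand-in verifier, with constructed CA names and the placeholder domain `*.company.example`, to show a wildcard certificate failing validation when the verifier trusts the root but does not have the intermediate.

```shell
# Constructed demo: root signs an intermediate, the intermediate signs a
# wildcard certificate. All names, keys and files are made up for this example.

build_chain() {  # $1 = empty working directory
  d=$1
  cat > "$d/c.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.company.example
EOF
  # Self-signed root: the only certificate the verifier will trust.
  openssl req -config "$d/c.cnf" -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Constructed Root CA" -extensions ca_ext \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  # Intermediate CA, signed by the root.
  openssl req -config "$d/c.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Intermediate CA" \
    -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 4097 -days 2 -extfile "$d/c.cnf" -extensions ca_ext \
    -out "$d/inter.pem" 2>/dev/null &&
  # Wildcard end certificate, signed by the intermediate (not by the root).
  openssl req -config "$d/c.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=*.company.example" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 4098 -days 2 -extfile "$d/c.cnf" -extensions leaf_ext \
    -out "$d/leaf.pem" 2>/dev/null
}

# $1 = directory from build_chain, $2 = optional intermediate known to the verifier
chain_verifies() {
  openssl verify -CAfile "$1/root.pem" ${2:+-untrusted "$2"} \
    "$1/leaf.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && build_chain "$demo_dir"
chain_verifies "$demo_dir" && echo "intermediate unknown: valid" || echo "intermediate unknown: NOT valid"
chain_verifies "$demo_dir" "$demo_dir/inter.pem" && echo "intermediate known: valid" || echo "intermediate known: NOT valid"
rm -rf "$demo_dir"
```

To see which intermediates a real site presents, `openssl s_client -connect host:443 -showcerts` prints the chain the server sends.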