If you’re running a Sophos UTM firewall, you may start noticing websites not loading properly, or presenting an error reporting that a root CA has expired.
PLEASE NOTE: If you are experiencing this on September 2021 or later, please see DST Root CA X3 Certificate Expiration Problems and Fix.
The error presented is below:
Webpages that do not present an error may fail to load, or only load partial parts of the page.
Update June 3rd 2020 – There are reports that this issue is also occurring with other vendors security solutions as well (such as Palo Alto Firewalls).
This is due to some root CA (Certificate Authority) certificates expiring.
Particularly this involves the following Root CA Certificates:
Read more about the particular issue here: https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT
To resolve this, we must first disable 3 of the factory shipped Root CA’s (listed above) on the Sophos UTM, and then upload the new Root CAs.
You’ll need to go to the following links (as referenced on Sectigo’s page above, and download the new Root CAs:
USERTrust RSA Root CA (Updated) – https://crt.sh/?id=1199354
USERTrust ECC Root CA (Updated) – https://crt.sh/?id=2841410
When you go to each of the above pages, click on “Certificate” as shown below, to download the Root CA cert.
Do this for both certificates and save to your system.
Now we must update and fix the Sophos UTM:
After you complete these steps, verify they are in the list.
After performing these steps you must restart the HTTPS Web filter Scanning services or restart your Sophos UTM.
The issue should now be resolved. Leave a comment and let me know if it worked for you!
While most of us frequently deploy new ESXi hosts, a question and task not oftenly discussed is how to properly decommission a VMware ESXi host. Some might be surprised to… Read More
This guide will outline the instructions to Disable the VMware Horizon Session Bar. These instructions can be used to disable the Horizon Session Bar (also known as the Horizon Client… Read More
Normally, any VMs that are NVIDIA vGPU enabled have to be manually migrated with manual vMotion if a host is placed in to maintenance mode, to evacuate the host. While… Read More
You may experience GPU issues with the VMware Horizon Indirect Display Driver in your environment when using 3rd party applications which incorrectly utilize the incorrect display adapter. This results with… Read More
Today we're going to cover a powerful little NAS being used with VMware; the Synology DS923+ VMware vSphere Use case and Configuration. This little (but powerful) NAS is perfect for… Read More
Today we'll go over how to install the vSphere vCenter Root Certificate on your client system. Certificates are designed to verify the identity of the systems, software, and/or resources we… Read More
View Comments
Thanks a lot, really helpful
Thank you. Perfectly working.
Easy to implement and directly resolved the problem.
Sophos UTM 9
Firmware: 9.703-3
Thank you very much, this info was exactly what we need.
Thanks for the tip, works like a charm :-)
Thanks for the tip! Helped me a lot!
Thank you! Works!
Spot on, worked. Thanks
Thanks a lot, works fine now with UTM V9.707-5