For the past few days we’ve had an uptick in users reaching out to report issues with their Sophos products and HTTPS Web Protection scanning. The affected products include Sophos UTM, Sophos XG, and Sophos Web Filtering products.
The Issue
These issues are due to Root CAs that have expiring SSL certificates in their SSL chains. The issue started at the end of May and results in websites that do not load fully or properly, or that present the error message seen above.
The certificates involved are:
- AddTrust AB, AddTrust External CA Root
- The USERTRUST Network, USERTrust RSA Certification Authority
- The USERTRUST Network, USERTrust ECC Certification Authority
The Root CAs on your Sophos devices must be updated to include the newly issued certificates.
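To see which of these CA certificates a trust store currently holds and whether they have expired, the following is an added example (not part of the original post or any Sophos tooling). It assumes the OpenSSL command-line tool and a CA list exported as a PEM bundle; the helper name `scan_bundle` and the bundle path are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: list AddTrust/USERTrust certificates in a PEM bundle with expiry status.
# scan_bundle BUNDLE [WINDOW_SECS] [SUBJECT_REGEX]   (hypothetical helper name)
# Prints STATUS|notAfter|subject for each matching certificate.
# Returns 1 if any match is EXPIRED or EXPIRING (within WINDOW_SECS), 0 if all are OK.
scan_bundle() (
  bundle=$1
  window=${2:-2592000}                 # default look-ahead: 30 days
  pattern=${3:-'AddTrust|USERTrust'}   # CA names listed in the post
  rc=0
  tmp=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate.
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%04d.pem", dir, n) }
    out != "" { print > out }
    /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
  ' "$bundle"
  for f in "$tmp"/cert*.pem; do
    [ -e "$f" ] || continue
    subject=$(openssl x509 -in "$f" -noout -subject 2>/dev/null) || continue
    # Only report the CAs of interest.
    printf '%s\n' "$subject" | grep -Eiq "$pattern" || continue
    if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
      status=EXPIRED; rc=1
    elif ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1; then
      status=EXPIRING; rc=1
    else
      status=OK
    fi
    enddate=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2-)
    printf '%s|%s|%s\n' "$status" "$enddate" "$subject"
  done
  rm -rf "$tmp"
  return "$rc"
)

# Usage (path is a placeholder): scan_bundle /path/to/exported-ca-bundle.pem
```

Any line marked `EXPIRED` or `EXPIRING` identifies a certificate that should be replaced with the newly issued one.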
The Fix
If you’re running a Sophos UTM, our President Stephen Wagner has created a guide to fix the untrusted website certificate issue on your firewall. If you’re a technical user, you may also be able to use the information in this post to apply the fix to other Sophos products.
If you’re a customer of ours and are unable to apply the fix or are uncomfortable doing so, please feel free to reach out to us and we’ll be able to help you fix the issue.
Alternatively, if you’re not a client of ours, you should be able to reach out to your provider for support.