Sophos Product Bulletin – HTTPS / SSL Web Filtering Reporting Untrusted Website Certificate

Sophos Product Bulletin – HTTPS / SSL Web Filtering Reporting Untrusted Website Certificate

For the past few days we’ve had an uptick in users reaching out reporting issues with their Sophos products and HTTPS Web Protection scanning. These products include Sophos UTM, Sophos XG, and Sophos Web Filtering products.

Screenshot of Sophos UTM reporting untrusted Website, Certificate has expired
Sophos UTM – Reporting Untrusted Website, Certificate has expired

The Issue

These issues are due to due Root CAs that have expiring SSL certificates in their SSL chains. The issue started end of May and results in websites that do not load fully or properly, or present the error message seen above.

The certificates involved are:

  1. AddTrust AB, AddTrust External CA Root
  2. The USERTRUST Network, USERTrust RSA Certification Authority
  3. The USERTRUST Network, USERTrust ECC Certification Authority

The Root CAs on your Sophos devices must be updated to include the newly issued certificates.

The Fix

If you’re running a Sophos UTM, our President Stephen Wagner has created a guide to fix the untrusted website certificate issue on your firewall. If you’re a technical user, you may also be able to use the information on this post to apply the fix to other Sophos products.

If you’re a customer of ours and are unable to or uncomfortable, please feel free to reach out to us and we’ll be able to help you fix the issue.

Alternatively if you’re not a client of ours, you should be able to reach out to your provider for support.


Occupation: President of Digitally Accurate Inc.
Bio: 13 Year IT Service and Solution Provider, Managed Services Provider, Tech Blogger, Entrepreneur

Full biography available here.
Personal Technology Blog: https://www.stephenwagner.com

Connect with Stephen:
Connect on LinkedIn
Connect on Facebook
Connect on Twitter
Connect on YouTube

Leave a Reply

Your email address will not be published. Required fields are marked *

*