TL;DR Access to WebAdmin was achieved again by locally forcing Internet Explorer to only use TLS 1.1 by disabling support for all other suites.
When accessing the WebAdmin interface of a rarely configured Sophos UTM running version 9.503-4 via https://utm.domain.com:4444 today, I was faced with an error in Chrome that was unknown to me:
FQDN doesn't adhere to security standards.
ERR_SSL_SERVER_CERT_BAD_FORMAT
The same type of error presented itself in, for example, Internet Explorer, albeit with a different type of error message.
Quick follow-up testing got me to the following stage:
UserPortal – Working.
SSH – Working.
WebAdmin – Not working, neither externally nor internally, not in any browser. Tested by name and IP.
Access via UTM Manager – Not working.
Restarting the WebAdmin service httpd via SSH had no effect on the issue. Restarting the UTM was not a viable option at this time, as this was in the middle of working hours.
ssh loginuser@utm.domain.com sudo bash /etc/rc.d/httpd restart
I’m sure there’d be a way to solve this issue altogether via SSH. If I ever find out how, and remember to, I’ll update this page.
Solution
Access to WebAdmin was achieved again by locally forcing Internet Explorer to only use TLS 1.1 by disabling support for all other suites.
Internet Explorer – Internet Options – Advanced > Security.
Restart IE to apply the changes. Don’t forget to swap back when done.
The issue was subsequently sorted out by generating a new WebAdmin certificate.
Management > WebAdmin Settings > HTTPS Certificate.
Change the hostname value and Apply to generate a new cert and key combo.
WebAdmin will now reload within 5 seconds with a newly generated cert. Once reloaded, access should be working again, for example via Chrome, as intended.
A better way of handling the certificate situation of Sophos WebAdmin would be to use a proper CA-signed certificate, but alas, it’s not always in the cards.