Sophos Active Directory authentication with SSL/TLS failure

I attempted to set up AD authentication on a Sophos Firewall and kept getting the following error: "Test connection failed as server is down or unreachable".

The connection test succeeded when the connection security was set to Plaintext, but failed when set to SSL/TLS or STARTTLS.

The root issue was that the Domain Controller I was trying to connect to had no SSL certificate in its machine certificate store, so it could not serve LDAP over SSL/TLS or STARTTLS at all. You could purchase a certificate that matches the server's FQDN, or set up an internal CA, but if you need a quick and dirty solution you can generate a self-signed cert on the Domain Controller and add it as a trusted CA.

  1. Open PowerShell as Administrator on the Domain Controller.
  2. Run the following command to create a self-signed cert (replace fqdn-of-server with the Domain Controller's FQDN, using straight quotes):
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "fqdn-of-server" -FriendlyName "Server Cert" -NotAfter (Get-Date).AddYears(10)
  3. Next, copy the generated cert, which will reside under the Personal\Certificates store of the local machine, to the Trusted Root Certification Authorities\Certificates store.

Now you should be able to test using any of the other connection security methods successfully.
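The same three steps, followed by a check that the Domain Controller is actually presenting the new certificate on the LDAPS port, as an added example script (not code from the original post). It assumes it is run as Administrator on the Domain Controller itself, and the FQDN value is a placeholder to replace.

```powershell
# Added example (not from the original post). Run as Administrator on the DC.
$Fqdn = 'dc01.example.internal'   # placeholder: replace with the DC's FQDN

# Step 1/2: create the cert in the machine Personal store. The Server
# Authentication EKU (1.3.6.1.5.5.7.3.1) is what Schannel looks for when
# choosing a certificate for LDAPS; -DnsName puts the FQDN in the SAN.
$cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' `
    -DnsName $Fqdn -FriendlyName 'Server Cert' `
    -KeyUsage DigitalSignature, KeyEncipherment `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1') `
    -NotAfter (Get-Date).AddYears(10)

# Step 3: export the public certificate (no private key) and import that
# copy into Trusted Root. The same .cer file is what you upload to the
# firewall as the trusted CA for the AD server.
$cerPath = Join-Path $env:TEMP "$Fqdn.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
"Exported CA file for the firewall: $cerPath"

# Verification: open a TLS session to port 636 and read back the certificate
# the DC actually serves. Validation is disabled here only so we can inspect
# a self-signed cert; the comparison below is the real check.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, 636)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
try {
    $ssl.AuthenticateAsClient($Fqdn)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

"Expected thumbprint: $($cert.Thumbprint)"
"Served thumbprint  : $($served.Thumbprint)"
if ($served.Thumbprint -ne $cert.Thumbprint) {
    Write-Warning 'The DC is presenting a different certificate. Check the SAN and EKU of the new cert; Schannel may need a reboot to pick it up.'
}
```

If the thumbprints match, the SSL/TLS and STARTTLS tests on the firewall should now pass once the exported .cer has been added there as a trusted CA.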
