Sophos already released an update for Sophos UTM on 27.04.17, which fixes certificate warnings in connection with Chrome 58 and activated HTTPS scanning. I have not yet been offered the update via Up2Date, so here is a small note.
The update to version 9.413-4 can be downloaded here and installed manually:
http://ftp.astaro.de/UTM/v9/up2date/
The update only addresses the certificate problem with Chrome 58:
Bugfix:
Fix [NUTM-7586]: [Web] Chrome v58 and higher fail verification with HTTPS scanning enabled
The problem, which also applies to Golem results in Chrome ignoring the CommonName (issued for) on certificates and only addressing names that have been configured as SubjectAlternateName (alternative applicant). A detailed description can be found in the linked Golem article.
However, I could not reproduce the problem either, but I use a certificate for the CA of the UTM which was issued by my internal CA. The UTM thus works as a sub-CA, in this configuration I cannot reproduce the problem. Here is a current example, the host name is entered as CommonName and SubjectAlternateName:
The configuration with internal CA as root CA for the web filter is described here: