Certificates generated by Sophos Central are used by the Sophos Firewall to communicate with the Heartbeat function of the Endpoints. These certificates are set to have a default lifetime of two years. The certificates will automatically renew, unless an active Firewall is registered to Central with older software which doesn’t support the automatic renewal. An alert will be raised in Central if this is the case, and manual renewal will be necessary. Without the certificate, the endpoint cannot sync its heartbeat to the firewall and will show up in RED under the Security Heartbeat health status.
Applies to the following Sophos products and versions: Sophos Firewall, Sophos Central Admin
Active firewalls without the correct version will trigger an alert that refers to this KBA.
The alert in Central will say “The renewal of your Heartbeat intermediate certificate has failed.”
service heartbeat:restart -ds nosync