For HTTPS inspection on the Sophos Web Appliance customers are able to use the certificate provided with the appliance or to generate their own. We recommend that administrators generate their own self-signed SSL CA and upload it to the SWA as security best practice. This article explains how to generate the SSL CA and upload it to the Sophos Web Appliance.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Web Appliance
Have an install of OpenSSL on a Linux system. For more information please visit https://www.openssl.org/. There are also OpenSSL binaries for Windows but this KB covers creating the files in Linux.
openssl req -sha256 -x509 -new -nodes -days 3650 -newkey rsa:2048 -outform PEM -keyout CA.key -out CA.crt
The certificate has now been generated. Make sure to copy the files someplace where they can be uploaded to the web appliance.
Note: After installing the certificate and key, copy both to a secure area with limited access and protect them with a password.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.