The Sophos Email Appliance lets you upload a certificate signed by a third-party to use it for services such as the Admin UI, Web Quarantine, TLS encryption and SPX portal. The following sections are covered:
Applies to the following Sophos products and versions Sophos Email Appliance
When you generated the CSR from the appliance and sent it to the certificate signing authority, you will get a certificate bundle from them. This article will guide you on how to upload the certificate to the appliance manually. The second option would be to import the certificate in PEM format.
Note: Add a certificate provided by a Certificate Authority to make the certificate available for use on the Email Appliance. The certificate must be in Privacy-Enhanced Mail (PEM) format, and it must match the selected CSR.
Note: When you generate the CSR from the appliance, the private key is generated and stored on the appliance. Once you get the response and upload it via the pending CSR link, the private key is appended automatically (so you only need to upload the CSR response).
The private key is generated when the certificate request is generated. You would get that from the appliance if it was generated there or it would be from whatever system they used to generate the request.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.