Hi J_87586,
In previous versions of the product, we had a very insecure process where downloading a CSR also included the private key, together with a text file containing the private key password. This meant that customers could do things with certificates created on the Firewall as if the Firewall was actually a serious PKI solution. It was never intended for that purpose.
For security reasons, we now prevent users to download the private key. The key is therefore kept safely and securely on the firewall.
Creating a certificate from the Default CA is intended for internal use – for example, for internal WAF connections or if you want to create a custom cert for the WebAdmin.
If you want to reuse a certificate and private key, you'll need to use another tool to create the private key and then upload the signed certificate to your firewall.
Note: The change was announced in the 18.5 MR2 release notes (https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=18.5) published on Nov 29, 2021.
Hope that helps,
Rémi
Th Sophos XG allows me to generate a certificate from the Default CA. Great, I want to use these on the IMPI interfaces for various servers. However, I can only export the public part of the certificate and not the key. Can't realy install the cert on a machine without the private key. MIght as well remove this functionality is you're going to half-ass it like this.
Top Comments
-
R@DocSupport
-
Cancel
-
Vote Up
+1
Vote Down
-
-
More
-
Cancel
Comment-
R@DocSupport
-
Cancel
-
Vote Up
+1
Vote Down
-
-
More
-
Cancel
Children