Sophos XG and AP/APX users may experience issues registering to Sophos Central. More info available here: XG Firewall - Central Wireless
We'd love to hear about it! Click here to go to the product suggestion community
in the certificate-requirements for SVE 1.2 it is written that "Subject Alternative Names in the SVM certificate contain the IP addresses for all configured SVM IP addresses. These must be specified as IP and DNS e.g. IP: 126.96.36.199, DNS: 188.8.131.52".
As i understand, i have to write ALL IP-Adresses of ALL SVMs in every certificate. But if i do so, the installation fails. It only finishes, when only the IP-Address of the current SVM is entered as IP and DNS. Is this a mistake in the documentation?
By the way: IP-Addresses as DNS-Name in Subject Alternative Names are not valid according to https://tools.ietf.org/html/rfc5280#section-184.108.40.206 !!!
its not all ip addresses of all the SVMs in every certificate
but you need to enter just the IP addresses of that particular SVM.
In the KBA it says:
You will need to complete these steps for each Security VM you wish to deploy
vi. Subject tab:
Hope this helps
In reply to MarkToshack:
OK, i think this is more clear than the sentence in the requirements. I did not read this as we don´t have a Microsoft-CA.
In reply to MarcLang:
I am looking to ensure our docs are easier to follow - thanks Marc for the feedback.