We'd love to hear about it! Click here to go to the product suggestion community
im trying to install a Cerficate on the XG firewall.
we generate a CSR file, and requested the Cerfificate. when i try to upload the certificate to sophos i receive an error.
first we go to system certificates
* choose upload certificate* give it the name it should have, upload a .CER file en choose the private key its in the csr file.* with no Password.
* press save. then the next fault will be shown.
hope someone can help me.
make sure to import the CA and to import the Certificate using pkcs12 or PFX format as described here:
In reply to lferrara:
ok, we did these steps only step 6 whe not sure of. we only have a got
* geotrust global.cer
i can convert the sophos.cer to a p7b file but not the pkcs12
after import the p7b i got the following error message.
for the record im totally noob in this certificate thing.
thnx in advance.
In reply to Kevin Paulusse:
I started (and now resolved) this threed on same subject but different, but very similar!https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/95348/import-crt-certificateMy first issue was, the XG firewall did not know about the goDaddy UK CA (Certificate Authority), so had to overcome that first. Then I had to find 'the key'. Fortunately, I had already completed successfully on my SEA (Sophos Email Appliance) and was able to export both the certificate and key.When you do export, you get a single .pem file, which contains both the cert and key (open in Notepad in windows and you can copy and paste the text out to 2 separate files.If I did not have the SEA, I would have been stuck, as there was no way from the 2 certs from goDaddy to get the 'key'.For you, I think you need to import the certificate to something (Windows IIS), to be able to export (backup) the cert and key.
In reply to Paul Digby:
We have the, .key and .cer file right now.when i try to add the certificate, this shows up
when i enter the .cer and .key file it asks for a password that we didnt enter at the request.for the record we dont have any certificates on the sophos yet.
When I first generated the csr, I too did not type in a password anywhere.I just typed in a password and it seemed to accept the upload
I had some issues with this in the past, but I hope I can help clear some things up. Note - my certificates were made through an internal CA.
In reply to DavidLaClair:
litle bit late reply, but thnx we will try this. certificate is still not installed.
hate to necro a two-year-old thread, but maybe it'll help some future searcher.
i was having a similar issue, where the page was giving me the "Certificate could not be uploaded due to invalid private key or passphrase. Choose a proper key" message.
in my case, it turns out that the .key file that i had been uploading was encoded as UTF-8-BOM. i changed it to just UTF-8, and then the xg took it without issue.