Howto add wildcard Comodo SSL certificate

When you move your mouse over the red cross, what extra information do you see?

If it says "Expected Issuer ....CN=..." it means you uploaded a wrong Comodo Root CA certificate.

Download the "expected" CA certificate from the Comodo website

Hi 2ServeErik,

I did that, this is the output:

Then i downloaded this cert from Comodo website, file: comodorsadomainvalidationsecureserverca.crt

When i try to import it i get:

So then i ran out of ideas..

On my Sophos XG I also have a Comodo wildcard with the same CA as in your first screenshot.
I deleted this "Comodo RSA...CA" certificate and a red cross appeared next to my wildcard.

I downloaded the file "comodorsadomainvalidationsecureserverca.crt" from the Comodo website and changed (renamed) the file extension to "comodorsadomainvalidationsecureserverca.pem". Then uploaded it to Certificate Authorities in my Sophos XG. On the certificates tab my red cross was gone!

So it should work for you to.

Try this:

1.delete your wildcard certificate

2. find the "already existing" CA certificate in the Certificate Authorities Tab and delete that as well

3.change the extension of the downloaded "comodorsadomainvalidationsecureserverca.crt" file to .pem and upload it again: Name = Comodo and choose .pem as the Certificate File Format

4.add your certificate and wildcard again (try to use the .p7b file you received from Comodo then there's no need to upload your private key separately

Good luck

Thanks, your trick worked, but i had the wrong certificate. When i googled on: "comodo rsa domain validation secure server ca download" 

i used this link: https://support.comodo.com/index.php?/Knowledgebase/Article/View/970/108/intermediate-2-sha-2-comodo-rsa-domain-validation-secure-server-ca

But this is the wrong certificate. When i got this one: https://static.kinamo.be/crt/comodo/comodorsadvsecureca.crt it all went fine.

Thanks again!

Hello Guys,

I have the same problem but with Kerio mail server certtificate.

The client has .crt and .key files but cannot upload neither certificate nor CA.

And again same red cross.

After a while an admin generated .pem certificate file from his browser and now I had this situation:

and I cannot use it neither for IMAPS nor for SMTPS connection(in/out).

The issuer is expected but I cannot upload .pem file in CAs.

Any help? Please ? :)

Maybe just renaming will help?

Hello Guys,

I have the same problem but with Kerio mail server certtificate.

The client has .crt and .key files but cannot upload neither certificate nor CA.

And again same red cross.

After a while an admin generated .pem certificate file from his browser and now I had this situation:

and I cannot use it neither for IMAPS nor for SMTPS connection(in/out).

The issuer is expected but I cannot upload .pem file in CAs.

Any help? Please ? :)

Maybe just renaming will help?

Hi Kaloian, 

The red X mark means that the CA is not uploaded. I would request you to check this community link : https://community.sophos.com/products/xg-firewall/f/initial-setup/90379/question-about-certificate-screen.

Once you upload CA for that specific certificate, that red X mark will disappear and you should be able to use the certificate for your email server.