Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Ceritificate and Tomcat Server

Hi Everyone,

I have a certificate bought from GoDaddy. I generated it under Certificates Generate certificate signing request (CSR). However, upon installation, I encountered this. (see images) and the certificate is not registered in Certification authorities. 

 

I'm running a tomcat server that is connected to Sophos. Does anyone encounter this or able to set up this requirement? 



This thread was automatically locked due to age.
Parents
  • Hi  

    Can you please hover your mouse on red cross mark and confirm what error message is it giving?

    If it is giving "expected issuer" related message or reason then it is unable to complete the chain verification of that certificate due to missing CA (Certificate Authority) on XG.

    So you may import all your certificate authority which are used to sign or validate this Certificate and not present on XG under "Certificate Authority" tab ( next tab to certificate).

    This should fix your issue.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • Hi Vishal,

    Thank you for your reply, I tried adding it under Certificate Authorities but it is prompting that the certificate authority file may be corrupt. However, I tried to request a new certificate from GoDaddy but the error is still the same. 

     

    Any thoughts for this? 

Reply
  • Hi Vishal,

    Thank you for your reply, I tried adding it under Certificate Authorities but it is prompting that the certificate authority file may be corrupt. However, I tried to request a new certificate from GoDaddy but the error is still the same. 

     

    Any thoughts for this? 

Children
  • Hi  

    Let me explain you with more information based on my last comment to confirm we are on same page.As in reference if we consider below is your certificate path for the cert file which you have received from Go-daddy:



    In above path the end certificate you must need to import under "Certificate tab" only with private key. (In your case if you will not use private key it will work fine as CSR has been generated from XG firewall it self ,if you have generated CSR from any sever then you may need to export the private key from that server and that you need to use along with certificate while you import Certificate on XG).

    The other intermediate and root CA must required to be present under "Certificate Authority" tab. If any intermediate and root CA not present and if provided by cert provider then import the same file or else you may download the same from cert provider website as well. (Generally this need to import without private key just to complete the CA validation chain).

    If still it's giving error then you may log a support case to validate the issue further.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.