Installed new certificate and CA, but cannot select it to be used for admin login or user portal

Schlippety,

make sure you upload the CA and all Intermediate CA before uploading the certificate.

Regards

Thanks, I double checked that the 3 CAs provided by comodo were added, then deleted and re-added the certificate with the same result. I have the green check mark, but it doesn't show up in any of the lists to select as the certificate for vpn or admin portals. 

Did you upload the passphare?

What format is the Certificate?

Did you upload the passphare?

What format is the Certificate?

x.509 PEM format. I have tried with and without using my passphrase that used used during the CSR, no difference. Both generate the green checkmark, but fail to populate the dropdowns,  I've also rebooted the device. 

If you cannot select it, something is missing.

Did you generate the CSR on XG or on outside?

If you created the CSR somewhere else, you also need to upload the private key.

Yes, I did generate the CSR from the sophos interface

Delete everything and upload the CA and any intermediate CA then upload the CA.

While you perform these steps, connect to XG advanced shell (option 5 >3 ) and type:

tail -f /log/*.log | grep -i certificate

Regards

Thanks, see below

XG210_WP03_SFOS 17.5.10 MR-10# tail -f /log/*.log | grep -i certificate
2020-03-16 14:51:58 19[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-03-16 14:53:02 30[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-03-16 14:53:41 14[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-03-16 14:54:02 27[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-03-16 14:54:28 18[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
[Mon Mar 16 14:54:28.610115 2020] [ssl:warn] [pid 7120:tid 4143356224] AH01909: manage.cyberoam:65004:0 server certificate does NOT include an ID which matches the server name
[Mon Mar 16 14:54:28.679292 2020] [ssl:warn] [pid 7120:tid 4143356224] AH01909: manage.cyberoam:65003:0 server certificate does NOT include an ID which matches the server name
WARNING: Skipping expired Certificate Equifax_Secure_CA.pem
WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_2_Policy_Validation_Authority.pem
WARNING: Skipping expired Certificate STATIC_VeriSign_Inc_VeriSign_Class_3_International_Server_CA_-_G3.pem
WARNING: Skipping expired Certificate RSA_Root_Certificate_1.pem
WARNING: Skipping expired Certificate Certplus_Class_2_Primary_CA.pem
WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_1_Policy_Validation_Authority.pem
WARNING: Skipping expired Certificate GeoTrust_Global_CA_2.pem
WARNING: Skipping expired Certificate NetLock_Express_Class_C_Root.pem
WARNING: Skipping duplicate certificate comodo-root.pem
WARNING: Skipping expired Certificate Deutsche_Telekom_Root_CA_2.pem
Key for read :certificateid
'client_cert_file' => '/conf/certificate/myuser_170D4DEDFF2.pem',
'client_key_file' => '/conf/certificate/private/myuser_170D4DEDFF2.key',
2020-03-16 14:53:02 30[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-03-16 14:53:41 14[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-03-16 14:54:02 27[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-03-16 14:54:28 18[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
********** Entity json validation log End FOR :16-3-2020 14:54:28 Objectname=system::certificate
==> /log/vpncertificate.log <==
CA id for ApplianceCertificate.pem is :1
caid for certificate mydomain-wildcard is :208

I just sent a PM.

If you want I can connect and check with you the issue.

Regards