hi im using ssl vpn with the sophos SSL cert.
my question is do i loose security by using sophos cert and not a paid ssl cert?
doesn't Sophos use the same SSL cert on all firewalls? or do each firewall has it own self sign cert?
Hi David, Welcome to the Sophos Community.
You don’t lose any security by using the Sophos Certificate.All the certificates on XG are singed by "Default CA" and these are distinct or each appliance…
You don’t lose any security by using the Sophos Certificate.All the certificates on XG are singed by "Default CA" and these are distinct or each appliance with their own private key. Even if you generate the self-signed-cert from the appliance, It gets signed by the "Default CA" of that specific appliance.
If you're concerned with the secure-error that you get when you attempt to access the firewall web-admin or captive portal or user portal, It is because the Appliance Certificate which is used for these portals is signed by the same private CA present on the firewall hence its not trusted by the browsers as they only trust well-known CAs.You can get rid of that Error using any Third-Party Certificate signed by a well-known CA or You can also generate a self-signed cert on the firewall with the same CN(Common Name) by which you access the firewall (Mostly IP addresses) and import the default CA into the end device to trust it.Hope this help :)
thank you for that. i was worried about a potential attack in the middle with the widely used ssl cert.
other firewall manufactures required that you buy your own ssl.
i will keep the default. currently using it for ssl vpn.
hi thanks for the link.
the answer from sophos is that each XG has there own CA so is safe to use the default cert.