If create a Lets Encrypt certificate (pfx, fullchain cert) and uploaded it to my freshly installed Sophos XG (SFOS 18.5.1 MR-1-Build326).
The certificate is uploaded but shows up as untrusted (red cross).
The chain of the certificate is: ISRG Root X1 -> R3 -> My Certificate
I search the CA Certs for R3 and it only shows two not related R3 certificates. It does not show an R3 only CA certificate.
I tried to upload the R3 CA certificate from the LetsEncrypt web site but Sophos XG tells me that there is already a certificate.
Can anybody help ? What am I doing wrong ?
I had the same issue on one firewall and had to regenerate my lets encrypt certificate, but this fixed my issue.
Same problem. I even tried uploading the ISRG Root X1 certificate in the CA tab. The certificates however remain untrusted. Any ideas?
This should be fixed by a hotfix. See: https://support.sophos.com/support/s/article/KB-000042993?language=en_US
I already tried this. The problem persists. :/
I just tried what you said and it's not working for me. I have fresh, newly issued certificates and it's still saying: not trusted
I even re-uploaded the CA certificates from the Let's Encrypt web site. The X1 and R3 one, both valid certificates.
Can you share a screenshot of your certificate? Did you upload it with a private key?