Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

When the vendors HowTo's are not rebuilding the reality or "Install a subordinate certificate authority (CA) for HTTPS inspection" is wrong

Just for someone else with the same problem, I had a ticket with Sophos (for months just to get this answer...) because I didn't get this one working: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/HowToArticles/CertificatesInstallSubordinateCAForHTTPSInspection/index.html#generate-a-certificate-signing-request-csr. Problem began for us in 18.5 but it is the same in 19.0 (don't know if this one worked ever...).

I was told that this is not possible. After I asked again that they want to tell me that the HowTo from themselves is wrong it was confirmed. So if someone want's to do this you have to do it another way against what the help will tell you...

To have some additional benefit from this topic: I can recommend the DigiCertutil for that purpose: https://www.digicert.com/support/tools/certificate-utility-for-windows

But as a last word here: for me it is ridiculous to wait for months for a useful answer and then the answer is simply "Yes, that's right it is not possible you can use the certificate used by CSR of Sophos Firewall for web services like UI access, WAF, etc...but not for proxy or email..etc." instead of: Yeah you are right, we are fixing it like described in the HowTo. At least it would be of sense to delete the wrong entry in the help asap...



This thread was automatically locked due to age.
Parents Reply Children