I am running Sophos XG (Home) 18.5.4 MR4 and am about to set up a remote-access SSL VPN profile, but changing SSL VPN settings will just not work and the settings keep reverting back to default. There have been at least 2 precedents to my knowledge that have to do with the certificates in the system:
Precedent #1: https://community.sophos.com/sophos-xg-firewall/f/discussions/126620/xg-18-0-4-ssl-vpn-options-do-not-save-apply
Precedent #2: https://community.sophos.com/sophos-xg-firewall/f/discussions/96195/unable-to-save-ssl-vpn-configuration-and-or-download-client
Now I know that changing the Default CA (left blank in my system) or re-generating the ApplianceCertificate can fix this, but the latter can be riskier and thus requires a Sophos Support Specialist. Since I am only a home user, asking for specialists' help can be a hassle.
Can any Sophos tech support staff here help me fill out the Default CA, especially the passphrase? Thank you very much in advance.
Essentially, the issue occurs due to missing information in the contact information. You need to fill out that information on the website with your address etc.
Is your firewall registered?
And what do you have here: https://www.sophos.com/en-us/mysophos/my-account/network-protection/contact-information
Any special characters used on this website?
Thanks for your reply. As this information is sensitive, I have just sent it to you in private. Please check your inbox for my message.
Thank you very much for your time and caring.
This will help for the next time - For this appliance, you need to fill out your information as well as a Private Key Passphrase, which is not needed for anything else. So you can simply leave everything as it is - Fill out your contact information and hit save.
Hi J Thai
When you update the default CA, it's automatically regenerated.
If a CA expires or is compromised, you can regenerate it.
To regenerate a CA, do as follows:
To regenerate the default certificate, go to the Manage column and click Regenerate certificate.
Thanks and Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
Thanks for your advice. I myself do not own a web domain. What else can I fill in the Common Name field?
Common Name is the hostname of the appliance. This can be a hostname or a FQDN. You do not need to own a domain for that. Hostname is fine.
Can I use the serial number of my license as the hostname then?
Hi J Thai
By default, on Sophos Firewall, the Common Name is filled with an appliance key, like "Default_CA_Appliancekey".
Also, you can go to System > Administration > Admin and User Settings; you can use the same hostname you have set on the firewall.
Hello buddy, thanks for your reply.
Here is my Appliance Certificate:
Here is my system's host name, which also happens to be the serial number in my license:
So what should I do with my blank Default CA now? Which information should I be inputting into it, particularly the 'Common Name' field?
Hi J Thai
Yes, you can fill in the Common Name field as per the hostname, like "Default_CA_serial number".
For more information, check: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/CertificateAuthorities/CertificatesDefaultCAUpdate/index.html