Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.
Hello,
I want to replace an SG firewall with an XGS. I donwloaded the wildcard certificate (.pem) and the certificate of the CA from the SG and uploaded them on the XGS. Though the the wildcard certicicate doesn't trust the CA. How can i solve this problem?
Hello encar ,
Thank you for reaching out to the community, there can be two reasons when this shows as invalid:
1.) The CA is invalid when not in the Sophos Firewall CA certificates database.
2.) Duplicate CA certificates in the database.
We have a work around - NC-84530. Would request you to log a service request and revert us here to investigate this further and get this resolved on priority.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
I now spent some hours to resolve a similar issue with a Let's Encrypt wildcard certificate.
I made updates for my certificate via pfx. Last time this worked without issues but this time I got the red X.
Nevertheless the certificate works for my published websites but not for my Sophos appliance.
So I went through all threads with this issue and found this is not a seldom problem.
I deleted all R3 and ISRG CAs, even went to shell and deleted CAs in /conf/certificate/cacerts where were some related.to my past pfx certs not shown in the web interface.
Then I added R3 and ISRG Root X1 via copy/paste. Which are exactly the ones in my cert chain.
But to no avail. 
What work around do you mean by NC-84530?
