SSL VPN and certificates

Question

Hi, 
 One thung bothers me regarding SSL certificates. I will have some 30 SSL VPN users on XGS , and I intend to install commercial SSL certificate. But it only has 1 year validity. 
 Does it mean I will need to push .OVPN config to end users every year? Or should I use another certificate for VPN users? But in this case I am afraid some cert validation arror might prevent connecting in the future. 
 
 What's best scenario for this?

Vivek Jagad · Answer

Hello Andrej Pirman , Thank you for reaching out to the community , You can upload the new certificate on the firewall, but as soon as you replace the old certificate from VPN > Show VPN settings > SSL VPN > SSL server certificate with the new one, the remote user's certificate will become invalid, and they won't be able to log in to the Remote SSL VPN. 
 Remote SSL VPN user certificate will be re-generated based on the new certificate when the user downloads the new configuration from the user portal, so the process remains the same that you had to follow last time. 
 However, if you use Sophos Connect Client 2.2 for SSL VPN, this process of re-downloading the new config with the new certificate is automated. Ref: When will SSL VPN users need to re-download the configuration .

SSL VPN and certificates

Top Replies