Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Hi,
One thung bothers me regarding SSL certificates. I will have some 30 SSL VPN users on XGS , and I intend to install commercial SSL certificate. But it only has 1 year validity.
Does it mean I will need to push .OVPN config to end users every year? Or should I use another certificate for VPN users? But in this case I am afraid some cert validation arror might prevent connecting in the future.
What's best scenario for this?
Hello Andrej Pirman ,
Thank you for reaching out to the community , You can upload the new certificate on the firewall, but as soon as you replace the old certificate from VPN > Show VPN settings > SSL VPN > SSL server certificate with the new one, the remote user's certificate will become invalid, and they won't be able to log in to the Remote SSL VPN.
Remote SSL VPN user certificate will be re-generated based on the new certificate when the user downloads the new configuration from the user portal, so the process remains the same that you had to follow last time.
However, if you use Sophos Connect Client 2.2 for SSL VPN, this process of re-downloading the new config with the new certificate is automated.
Ref: When will SSL VPN users need to re-download the configuration.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
