Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Answers 5 answers
  • Subscribers 40 subscribers
  • Views 3244 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate renewal fail

André Besteiro

Hi,

Our certificate for the site expires today and we've tried uploading a new one and it's imported but it's listed as untrusted.

It's an Alpha SSL certificate and our service provider gave us the .csr and .key file. We copied the contents of the .csr file into a notepad and saved it as a .crt file. Then with OpenSSL we created the .pem file, using the .crt and .key.

We uploaded the .pem file to Sophos but it appears as follows:


We need help urgently.

Best Regards
Luis



This thread was automatically locked due to age.
Parents
  • 0

    Ola,

    the CSR is the file you need to have your "certificate signing request" (CSR) being signed by the public CA of (for example) AlphaSSL.

    Normally they will validate your ownership of the domain you are requesting this certicate for and after a successful validation you will receive a crt, cer, der or pem file.

    So you have the private ".key" file from your own certificate signung request that you created with OpenVPN, I think. The CSR is not needed anymore after you received the public certificate from the public CA like AlphaSSL. You should keep them in a secure place, though.

    For uploading to the firewall system, you need either both files: certificate (in pem, der or cer format) and private key.

    Or you have a combined pkcs format like .p7b or .p12, where cert and key are stored in one file.

    In both cases you have to supply the password for the private key when importing to the firewall as a security measure.

    Then the Sophos system will accept this certificate as "trusted"

    Hope this helps.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Ola,

    the CSR is the file you need to have your "certificate signing request" (CSR) being signed by the public CA of (for example) AlphaSSL.

    Normally they will validate your ownership of the domain you are requesting this certicate for and after a successful validation you will receive a crt, cer, der or pem file.

    So you have the private ".key" file from your own certificate signung request that you created with OpenVPN, I think. The CSR is not needed anymore after you received the public certificate from the public CA like AlphaSSL. You should keep them in a secure place, though.

    For uploading to the firewall system, you need either both files: certificate (in pem, der or cer format) and private key.

    Or you have a combined pkcs format like .p7b or .p12, where cert and key are stored in one file.

    In both cases you have to supply the password for the private key when importing to the firewall as a security measure.

    Then the Sophos system will accept this certificate as "trusted"

    Hope this helps.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML