When I try and upload a certificate to our firewall I am getting the below error. I've tried this in Chrome, Edge and Firefox
The response shown in the browser in dev mode is below:
{"transactionID":"23415539","status":500,"message":"Message.CertEditGenerateFailed","entity":{"map":{"hextimestamp":"A","___serverport":4444,"certformat":"pkcs12","certfile":"/sdisk/upload/88ee5337-512e-4a00-9777-400cf381dcef.pfx","___component":"GUI","type":"u","transactionid":"23415539","uploadcertpassword":"xxxxxx","mode":359,"certop":"u","uploadcertname":"dc","currentlyloggedinuserid":70,"APIVersion":"2000.1","___serverprotocol":"HTTP","certificatename":"dc","isdefault":"n","___username":"xxxx","___meta":{"map":{"sessionType":1}},"___serverip":"127.0.0.1","currentlyloggedinuserip":"192.168.212.54"}},"redirectionURL":""}
I found the following old post, but changing browser made no difference. SFOS 18.0.5 MR 5 - Certificate Could Not Be Generated - Discussions - Sophos Firewall - Sophos Community
We are currently running SFOS 20.0.0 GA-Build222
Does anyone have any suggestions how this might be resolved?
Since the certificate has expired RADIUS auth used by the SSL Remote Access VPN has started failing with the below event log on the RADIUS server:
Reason:AADSTS700027: The certificate with identifier used to sign the client assertion is expired on application. [Reason - The key used is expired., Thumbprint of key used by client: '887E03AB21B9E330A43476EB25713B55FD1B32C4', Found key 'Start=01/04/2023 16:44:51, End=01/03/2025 16:44:51'
The expiry date of the certificate I am trying to replace is similar, but not the same. The SSL VPN is now set to use the appliance certificate, but still does work, so I am hoping this is related and will work once the certificate is updated.
Added TAGs
[edited by: Raphael Alganes at 1:26 PM (GMT -8) on 6 Jan 2025]
