Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 5864 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Appliance certificate vs. my own

Roger

Hello

I'm fairly new to the certificate topic. This raises a couple of questions. But let's start at the beginning. I want to do https decryption and scanning as well as email imaps and smtps. At the moment I selected the xg's internal certificate and it seems to work fine.

I also have a couple of webpages on my private NAS which resides in my LAN and is protected by the Sophos XG. The NAS already has a Let's encrypt certificate itself (registered to my own domain).

Being the owner of my own domain, I could use Let's encrypt to create my own certificate for the Sophos XG. Is there a benefit for me doing my own let's encrypt certificate for the XG? Or should I just use the built-in default certificate?

Thanks

Roger



This thread was automatically locked due to age.
  • 0 in reply to Roger

    Rogert.

    If you are using the digital certificate inside the company and you can add your local CA to the "Trusted Autority",  in order to avoid "CA not trusted", it does not make difference. Using single CA, means you have to add and trust only one CA.

    You can keep the internal XG's certificate and do ssl decryption and inspection. If you would, instead, buy a certificate from registered CA, then the CAs is already trusted inside browser and you do not need to trust the CA into your client browser, so it will be easier for you. It depends on your needs.

    This is a basic explaination on CA and digital certificates.

Unfiltered HTML