Appliance certificate vs. my own

Question

Hello 
 I'm fairly new to the certificate topic. This raises a couple of questions. But let's start at the beginning. I want to do https decryption and scanning as well as email imaps and smtps. At the moment I selected the xg's internal certificate and it seems to work fine. 
 I also have a couple of webpages on my private NAS which resides in my LAN and is protected by the Sophos XG. The NAS already has a Let's encrypt certificate itself (registered to my own domain). 
 Being the owner of my own domain, I could use Let's encrypt to create my own certificate for the Sophos XG. Is there a benefit for me doing my own let's encrypt certificate for the XG? Or should I just use the built-in default certificate? 
 Thanks 
 Roger

lferrara · Answer

Rogert. 
 If you are using the digital certificate inside the company and you can add your local CA to the "Trusted Autority", in order to avoid "CA not trusted", it does not make difference. Using single CA, means you have to add and trust only one CA. 
 You can keep the internal XG's certificate and do ssl decryption and inspection. If you would, instead, buy a certificate from registered CA, then the CAs is already trusted inside browser and you do not need to trust the CA into your client browser, so it will be easier for you. It depends on your needs. 
 This is a basic explaination on CA and digital certificates.