Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 3 answers
  • Subscribers 43 subscribers
  • Views 35940 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adding a Windows Server CA to the CA List

Sandy Millar

Hi All

I am new to XG and having certificate issues.

I want to be able to add my own Windows Server Certificate Authority to the XG.  The Windows CA is the root for my environment.  I have used the Windows Server CA web admin to download the CA certificate, however I cannot get the XG to accept the certificate no matter what option I use. I get this error "Certificate Authority could not be uploaded". 

I am also having trouble importing commercial host certificates (DigiCert), including certificates that used a CSR created on the XG.  I have tried to update their CA certificates but have the same issue as with the Windows CA.

I have tried all manner of certificate formats, without luck.  It is like the whole certificate service is broken, or I don't have the correct rights to perform certificate functions.  All the different certificates I have tried all import into Windows and Linux hosts are appear to work fine.

I am using version XG 16.01.0 running in Hyper-V.

Can anyone please advise.

Thanks in advance

 



This thread was automatically locked due to age.
Parents
  • +1

    Thanks for all those folks that responded to my question.

    Now here is something interesting.  I noted in an unrelated posting that someone was having trouble updating firmware, with a response that the issue could be related to Firefox. The same browser I have been using.  I thought, what the heck and tried the certificate upload with Chrome, and it worked.  This strongly suggests that there is an issue with XG WebAdmin and Firefox.

    Thoughts anyone?

    Thanks again

    Sandy Millar

     

Reply
  • +1

    Thanks for all those folks that responded to my question.

    Now here is something interesting.  I noted in an unrelated posting that someone was having trouble updating firmware, with a response that the issue could be related to Firefox. The same browser I have been using.  I thought, what the heck and tried the certificate upload with Chrome, and it worked.  This strongly suggests that there is an issue with XG WebAdmin and Firefox.

    Thoughts anyone?

    Thanks again

    Sandy Millar

     

Children
  • 0 in reply to Sandy Millar

    Hope that someone from Sophos ( or ) can confirm that this is a bug.

    Thanks

  • 0 in reply to Sandy Millar

    Genius Sandy! I was using Firefox as well. Tried Chrome and imported the CA certs and my own SSL cert without any dramas. Definitely an issue with using XG and Firefox.  

  • 0 in reply to Sandy Millar

    hello

     

    I have the same issue and i was using Firefox and I tried chrome and explorer and I am getting the same results

    please I need your help

     

    I followed the following steps:

    1) from my CA server, I opened the certificates MMC

    2) I right click the CA certificate>all tasks>export>next> next (no, do not export the private key)> next (Der encoded binary ...)> select file name and location> export completed successfully

    3) I right click the CA certificate>all tasks>export>next> next (yes, export the private key)> next (Personal Information Exchange (tried all options))> next(password and confirm password) >select file name and location> export completed successfully

    4) on my XG certificates> certificate Authorities> Add> name, format(DER), browse the certificate, browse the Key, enter the password specified in step number 3, > save

    and i always got the same error message

    what is the solution pleeeeeease

    best regards

  • 0 in reply to Suleiman

    MrSuleiman,

    in steps 2 it seems you are exporting Certificate and not Certificate Authority. Send me a PM if you need help.

Unfiltered HTML