  • SSL Cert uploaded to the XG not showing as trusted

    Hi All, I am clearly missing something here, but Google is not my friend on this one as I cannot find out what. I am trying to install an SSL cert to use in WAF and Mail. I created the CSR Downloaded the request Requested the SSL from GoDaddy…
  • Easy Home User LE Cert Renewals

    Hello all, I wanted to share my solution for easy certificate management. If you have a DNS service and a Windows machine, this may work for you. First, check out Certify The Web. This tool runs a service on your machine that manages your certificates…
  • Sophos XG Firewall for Home - generate locally signed certificate is dim

    In order to control kid's internet access time, I enabled the authentication. If using "web authentication for unknown users", timeout will happen after about 10 min if using other app such as YouTube. Hence I try to deploy the agent. The problem is the…
  • Web Filter looking for wrong certificate

    Hello, I was using a local CA certificate for Web Filter, it was working as expected but yesterday the certificate expired, so I renewed it, deleted the old expired certificate and imported the new one but now the XG is ignoring it and trying to use…
  • Unable to delete expired Certificate Authorities

    Trying to delete some expired Certificate Authorities that are no longer used by any of our WAF rules, but receive "Certificate authority could not be deleted". Using WinSCP and navigating to /conf/certificate/cacerts/, the certificate authorities…
  • Letsencrypt API Update Script - dynamically handles multiple certs, multiple rules, including re-grouping of policies rules

    I wanted a way to auto update my letsencrypt certificates for use on my XG firewall and WAF rules. I developed this script to handle multiple certificates, and to be as dynamic as possible. The approach I took to achieve this is the following: 1) Within…
  • Can I buy Comodo positive ssl for webadmin login?

    I just want to get a certificate for the webadmin login. What are the brands that I can buy? Will Comodo Positive SSL work?
  • How to remove the certificate errors for webadmin and captive portal authentication pages

    I have followed closely step by step on this KB. https://support.sophos.com/support/s/article/KB-000036904?language=en_U I still cannot get rid of the Not secure warning by the browser. Am I missing something here? Or do I need to buy my own CA…
  • No heartbeat sessions - SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error

    At a small remote site, there is an XG HA pair. Since Aug 22 Heartbeat is no longer working there. XG106_XN01_ SFOS 18.0.5 MR-5-Build586 We receive an informational mail on the same day (Aug 22) : So 22.08.2021 02:11 You are receiving this…
  • Certificate error while creating IPSec VPN

    Hi, I'm trying to create an IPSec VPN Connection, I followed this guide -> docs.sophos.com/.../VPNIPsecSophosConnectClient.html But, when I click the "Apply" button, this error message shows up "'undefined' remote certificate has expired or…
  • Two Sophos XG sharing same clients certificates, how to??

    Hello, we have two Sophos XG in different locations, each one has different ports and configuration. Our users use Android and Windows agents to access the internet. The problem is that the two XGs have different client certificates, so when user move…
  • Download Certificate as p12

    Since SFOS 18.0.5 (18 MR5) it is no longer possible to download self-signed certificates as .p12-certificate (certificate with private-key). It is only possible to download the certificate as .crt without private-key. Does anyone have an idea how…
  • SFOS 18.0.5 MR 5 - Certificate Could Not Be Generated

    Howdy, Can someone please tell me where the log files for certificate import are located on SFOS 18.5? I'm trying to import a wildcard certificate that's been exported from a Windows Server as .pfx (just the certificate, not the certificate chain…
  • Adding an SSL Certificate (e.g. for the User Portal) does not work.

    Hello. I would like to install an SSL Certificate for my User Portal to avoid a Certificate Warning in the Browser by accessing the User Portal via Internet (https). I already know this Tutorial: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help…
  • Generating a certificate signing request (CSR) is not possible in XG Home

    Hello, I am currently testing the XG Firewall as a VM/software with a Home license. I would now like to install a certificate for the portal (admin and user); however, under "Certificates" -> Add, the action "Certificate signing request…
  • SSL Inspection (imported list of Root CA/Intermediate CA)

    Hello, I'm wondering how Sophos XG validates the certificate chain (web surfing SSL inspection). We use web policies with "block invalid certificates" on a newly installed Sophos XG for a customer. Normally, we don't see a lot of blocked websites due to…
  • SSL certificate is not selectable for admin console and end-user interaction

    Hi all, I do have a problem installing/using a signed SSL cert for securing HTTP access to the admin panel and user interface. What I did: I created a CSR in Sophos XG (18.0.5) I used the CSR to order an officially signed SSL cert after verification…
  • CA certificates being rejected in error? (If so, how to report.)

    We're having issues with some Ring Central pages being blocked. You'll see an error like: But the certificate details look reasonable to me. In the SGX I find: The certificate in the block message looks the same as the second certificate to me,…
  • SFOS V18 breaks the Pocket Guide for using Digital Certificates in IPSEC VPN connections

    I've noticed that in SFOS V18 downloaded certs are now in CRT instead of PEM format. Strangely enough when you upload certificates into a V18 appliance it doesn't expect a CRT file. Additional work needs to be done with converters before it can be used…
  • IPsec Client VPN Certificate problem

    Hi there, Our IPsec VPN Client was working fine but suddenly it stopped working giving this error 'Filed to established child SA' knowing that the SSL client VPN is working fine. In the Admin page of Sophos VPN it says ' 'undefined' remote certificate…
  • Cannot Change ApplianceCertificate

    I would like to setup sophos network agent for authentication to a Wifi Network on iOS. Followed this guide to generate self signed cert: https://support.sophos.com/support/s/article/KB-000038295?language=en_US But when I get to Step #4, I only see…
  • 1. IPSec tunnel down/up every 2 hours, 2. IE throws errors at the remote site with XG

    Hello dear community, for a good half year I have had massive problems with one of my XGs. I must first say that I knew absolutely nothing about Sophos when I came to my new employer, and the first thing they wanted was to get rid of the old UTMs…
  • How Sophos (or firewalls) determine that a certificate is invalid?

    Hello everyone, Recently, I have been experiencing some issues for having HTTPS scanning/decrypting active in the rules on my network. For some reason, when I try to access some websites I got a Sophos block message saying that the certificate its…
  • Adding Certificates

    Good day. I would like to ask for your assistance about adding an updated certificate to publish my webserver. When I try to add a certificate, it will not show up on my Business application rule>>>> Https Certificate Entries. I uploaded the .dem file…
  • Webadmin Certificate Error NET::ERR_CERT_COMMON_NAME_INVALID

    On my Windows machine I have installed the "Default" CA as well as the Appliance certificate (which I am also using for SSL/TLS inspection and SSLVPN). When I try to go to the IP address of the firewall I get this error: NET::ERR_CERT_COMMON_NAME_INVALID…