Hello, Starting to get a bit frustrated with the Sophos web certificates - think I am going around in circles. I have both the Default Appliance certificate and the Security SSL Certificate installed into the Trusted Certificates store on a Windows…

Hi Community So I am having trouble with configuring SSL certificate Currently I have a webserver hosted outside with a wildcard SSL Certificate Now I have webservers hosted on-premise that I want to upload the SSL Certificate too. If I revoke…

Dear expertise, i have one server currently put on DMZ behind sophos XG. currently using XG230 (SFOS 18.5.2 MR-2-Build380). this is server is running on apache and using an entrust SSL certificate configured on host. on XG we have several LAN created…

I've been trying to get locally signed Certificate to work for the firewall's LAN IP. Unfortunately with all effort i tried, microsoft edge still consider firewall's page as non-secured. However when switched to public ip instead, it works. Currently…

Hi, I am using this script from user burton https://community.sophos.com/sophos-xg-firewall/f/discussions/129768/letsencrypt-api-update-script---dynamically-handles-multiple-certs-multiple-rules-including-re-grouping-of-policies-rules However since…

My HA XGS136 cluster is experiencing this issue with heartbeats: I get an error alert in Sophos Central The renewal of your Heartbeat intermediate certificate has failed Looking in the heartbeat log I can see failures. tail /var/tslog/heartbeatd…

Hello, I am running Sophos XG (Home) 18.5.4 MR4 and about to set up a remote-access SSL VPN profile, but changing SSL VPN settings will just not work and settings keep reverting back to default. There have been at least 2 precedences to my knowledge…

Hallo, Ich bekomme das irgendwie nicht hin wie bei der UTM OS mit dem Zertifikat. Also da gibt es auch kein Lets Encrypt wie bei der UTM OS. Kann mir jemand helfen?? Ich möchte gerne ein Offizielles Zertifikat auf meiner Sophos haben. Sie hat…

Hi, im have added default Sophos CA to Trusted Root Certification Authorities on my pc, also in firefox and still getting Unsecure connection error in Firefox (tested with 3 web browsers)... Do i need to generate locally-signed certificate with public…

Just for someone else with the same problem, I had a ticket with Sophos (for months just to get this answer...) because I didn't get this one working: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates…

Good morning! Having a hard time installing the client portal cert onto an iPad, I suspect it's because the self-signed cert I am using has expired (though it still works on devices that have already downloaded it). Task is to renew a cert in Certificates…

Hi Sophos, We currently use the SSL VPN for our remote user base, but as the included SSL certificate expires somewhat regularly we have to reinstall the local client. Whilst not the end of the world, it's an inconvenience when we have a significant…

Hello, I am new to the Sophos community. I am starting with Sophos XG Firewall. I have a Sophos XG86 that was working fine with a SSL VPN site-to-site connection in version 18.0.5MR5 to a remote site. I upgraded the remote site to SFOS 19.0.0.0 GA (Sophos…

Hallo zusammen, gestern habe ich das Upgrade von SFOS 18.5.2 -> SFOS 19.0.0 GA-Build317 durchgeführt. Seitdem kommen bei Outlook (2019) immer die Zertifikatsmeldungen bei erstmaligem Abfragen der E-Mail Konten (IMAP+POP) Ich habe geschaut, das SSL…

Captive portal in version SFOS 19.0.0 GA-Build31 is not using specified certificate as admin portal. Captive portal is using SOPHOS cert which is not correct in my setup. See below images. Have tried fresh re-install, upgrade removing and re-adding…

So we have 2 firewalls at different locations and we want to implement SSL/TLS inspection. Instead to installing 2 certificates we would like to use 1 for both firewalls. Is that something that is possible?

We purchased a bunch of XGS 136, reimaged them with MR2 and now upgraded them too MR3. Now I noticed that the default CA on all machines looks like this: This results in the default ApplianceCertificate to be issued by the Default CA looking…

Hi, This is the 3rd call I have logged for successful creation of Digital Certificate. Sophos L1 tried based on KB and also shared me the same, but till we are not able to create digital certificate successfully. Can anyone take my remote and help…

I have a DNAT in place from WAN port to internal server on port 443 (HTTPS) for accessing to users workfolders. When you connect to external URL it gives out the sophos XGS 2300 appliance certificate instead of the ssl certificate installed on the server…

Hi,friends! From version 18.5, the product no longer creates a private key when generating CSR and a passphrase cannot be set. However, I was able to obtain the private key by the following method after CSR generation with this product. System …

Hello, Is there a way to update a certificate that is used in WAF Rules without touching every WAF rule?

Hi, While installing a new certificate, I get the error: "Certificate cannot be deleted. Certificate is already used in HTTP based policy." Anyone know how to find where a certificate is being used in an XG-135 v17,5? Two years ago I ran into this…

What I did: I created a csr in Sophos XG210 18.5.2 I used the csr to order an officially signed ssl cert via GoDaddy after verification via dns the SSL was issued I upload the intermediate and root cert Uploaded the hosts cert via .pem…

Hi Guys, i have renewed my certificate on my XG135, i changed the certificate under Administration -> Admin & User Settings, but : This site can’t provide a secure connection vpn.athenion.com sent an invalid response. Try…

Hi all, firewall already uses a wildcard cert for WAF, I tried to set it up for "Admin console and end-user interaction" as it is called in the Admin settings. Applying the cert resultet in not being able to reach the Webadmin and Userportal, neither…