Good afternoon, When we accessed Sophos through the browser, we got an insecure certificate alert. We imported a new certificate into Sophos (the same used on our website), but the following message appears in the certificates menu: Certificate…

I have tried to go to Certificate, and import it there, but it is not Trusted. . Certificate authority: Invalid or not installed Issuer /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA What…

I am investigating importing our TLS certificates using the SFOS API but running into an error that I am struggling to understand. The request XML: <? xml version "1.0" encoding "UTF-8" ?> < Request APIVersion "1905.1" > <!-- API Authentication…

What is the way to whitelist and add a self-sign cert (Windows Server) on the firewall? Of course I can import the certificate under certificates but its is still not valid (red cross). e.g. Exchange server is using a self-cert for SMTP SSL/TLS connection…

Hallo, any reason why the (build-in) CA cert from Sectigo RSA Domain Validation Secure Server CA was removed the last days? Is that normal or a bug, pattern updates? Anyone else has this CA on the firewall? Had to add it again manual by hand to work again…

Hej together, does anyone know a way to monitor the installed certificates on the Sophos Firewall. Especially the expiration date would be interesting. I have not found a way via SNMP, SYSLOG or API. I would like to query this from our central monitoring…

Hi, we are using sophos-xg-210,self generated Certificate used but in monitoring its showing no secure protocol available so please help us to find out where is issue.

Good day to you all When I add a new certificate or certificate authority, always get the next message: "The operation will take time to complete. The status can be viewed from the Log viewer page" New certificates never appear. I found nothig…

Hi, I have a defective XGS2100, an RMA has been opened and a new product will be sent back to me. When it arrives I will do a configuration restore starting from the backup of the faulty one, but two questions arise: 1) I have 5 RED20 devices connected…

Hello, I want to replace an SG firewall with an XGS. I donwloaded the wildcard certificate (.pem) and the certificate of the CA from the SG and uploaded them on the XGS. Though the the wildcard certicicate doesn't trust the CA. How can i solve this…

Hi, We have one VMWare server protected by this Sophos firewall. All our enterprise web applications are hosted on this server. Now, after accessing these enterprise applications, even though they are passing through the firewall, we are getting…

Hi I cant find anything recent on this in the forums. Im looking to purchase a wildcard certificate for securing several things. Are there any issues i need to be aware of using either a comodo positivessl (cheaper) or essentialssl? I would…

XGS 136 and 19.x firmware. Didn't find universal info how to generate proper CSR and how to import the public SSL Certificate to XGS For Request / Subject name attributes: Common name: domain name or FQDN including the host name? For Request / Subject…

Hello, Is there a SSL expert in the house? I was on a PUBLIC WiFi AP yesterday and was shocked to find out my websites SSL from DigiCert was not used. In fact, the WiFi said that my SSL Certificate is coming from Sophos. Below I will display what…

Greetings everyone! This is my first time installing a renewed SSL certificate for our email server in our new XGS firewall. Where are all the places the new certificate needs to go? I've uploaded it in certificates. Applied it in email general…

Greetings everyone, In XG firewall, I need to install and configure a renewed SSL certificate from Go Daddy. We have an Exchange server on premise. I've uploaded it into certificates. Applied it in firewall HTTPS OWA SMTP rule. Applied it in email…

Our customer recently updated the windows system patch. After the update, open the Outlook client, and always pop up a certificate warning. As shown in the figure below, please help analyze the cause of this problem, whether it is related to XG Firewall…

I am currently using SFOS 19.5.1 MR-1-Build278. I am hosting Emby (similar to Plex, I used Plex as it is more popular) container on my Qnap NAS, being protected by WAF. I have my own domain name from Porkbun, and I was able to generate SSL (Letsencrypt…

Hi foks, I am running v19.5.1 on the XG and macOS13.3 on the mac book pro and mc air. A couple of sites no longer work and the default is https even though I enter hrttp.If I use a hotspot the issue is not observed. I have a mac mini in which the…

Noticed some issues today with some popular SSL sites (linkedin, live, . These issues existed for some days but no one complained. The traffic was scanned by TLS/DPI engine and the servers had certificates issued by "DigiCert SHA2 Secure Server CA"…

I uploaded the certificate in every format (.pem,.pfx,.Cer) but none of showing trusted and always showing RED (X) in trusted for certificate issued from Digicert website. Please assist me to fix on this issue at earliest. Please find the attached screenshot…

Hi, purchased an XGS2100 to replace our SG230 for our Public WiFi connection. The device is not on a domain and has its own internet connection. It is only used for members of the public to get access to the internet on their own personal devices…

I have been using SG135 UTM for 5 years and I decided to upgrade to XGS136. Just like in the UTM, I want the web admin certificate to be valid. I have made a locally signed self-certificate, installed and trusted but I'm still having issues above. I have…

Using XG 19.5.0 GA. I can only download the ApplianceCertificate as a *PEM. file. I am certain it was letting me choose the other formats once before. Now the only file format it allows to download is default.pem and appliancecertificate.pem which cannot…

Continuing on the discussion below: community.sophos.com/.../507230 Is there an easy way to do this from front end? This has become a common occurrence now, with the latest incident involving Google's certs. The given workaround requires usage…