Hi as per the subject in the ApplianceCertificate certificate in the subject field I have incorrect values such as the email field, in which na@example.com is reported how can I correct this data? thank you Oggetto /C=NA/ST=NA/L=NA/O=NA/OU…

Hi, Certificate list request ends up getting a TAR archive instead of API output. Request made is as following: <Get><Certificate><Filter key="Name" criteria="like">cert name</Filter></Certificate></Get> or <Get><Certificate></Certificate><…

Hi, Despite my positive feelings regarding Sophos products, API documentation is worst I have ever seen! It lacks very basic command explanations or examples, for example to delete the certificate it says that Name attribute is required BUT, it does…

Hi, I'm trying to get list of uploaded certificates using API to determine if the upload process required. API doc show only Add/Update or Delete certificate. Where is option to get list of certificates or get certain certificate by its name for instance…

Hello, I have a sophos xg appliance with https scanning enabled. The appliance seems to cache website's certs. Sometimes if the maintainers of website misconfigure SSL settings, a wrong certificate is served by the webserver and this gets cached…

Hi all, having a few issues with expired certs that are on the XG. (Google namly) I have deleted the certs from the XG using putty ssh in /var/certcache/ I am now having other domain with the same error (xg thinks the cert is expired when…

We will be migrating from the XG 310 to the XGS 3100 and I was wondering if the previously installed SSL client software would connect to the XGS3100 as it does currently to the XG310? Is there a client upgrade that needs to happen as well? Thanks.

We just recently upgraded from an XG to XGS firewall and having random issues with certificates. I've had to manually add updated ROOT and Intermediate CA certificates for Digicert and a Top Level DOD certificate among others. I have never had any issues…

Hello, Starting to get a bit frustrated with the Sophos web certificates - think I am going around in circles. I have both the Default Appliance certificate and the Security SSL Certificate installed into the Trusted Certificates store on a Windows…

Hi Community So I am having trouble with configuring SSL certificate Currently I have a webserver hosted outside with a wildcard SSL Certificate Now I have webservers hosted on-premise that I want to upload the SSL Certificate too. If I revoke…

Dear expertise, i have one server currently put on DMZ behind sophos XG. currently using XG230 (SFOS 18.5.2 MR-2-Build380). this is server is running on apache and using an entrust SSL certificate configured on host. on XG we have several LAN created…

I've been trying to get locally signed Certificate to work for the firewall's LAN IP. Unfortunately with all effort i tried, microsoft edge still consider firewall's page as non-secured. However when switched to public ip instead, it works. Currently…

Hi, I am using this script from user burton https://community.sophos.com/sophos-xg-firewall/f/discussions/129768/letsencrypt-api-update-script---dynamically-handles-multiple-certs-multiple-rules-including-re-grouping-of-policies-rules However since…

My HA XGS136 cluster is experiencing this issue with heartbeats: I get an error alert in Sophos Central The renewal of your Heartbeat intermediate certificate has failed Looking in the heartbeat log I can see failures. tail /var/tslog/heartbeatd…

Hello, I am running Sophos XG (Home) 18.5.4 MR4 and about to set up a remote-access SSL VPN profile, but changing SSL VPN settings will just not work and settings keep reverting back to default. There have been at least 2 precedences to my knowledge…

Hallo, Ich bekomme das irgendwie nicht hin wie bei der UTM OS mit dem Zertifikat. Also da gibt es auch kein Lets Encrypt wie bei der UTM OS. Kann mir jemand helfen?? Ich möchte gerne ein Offizielles Zertifikat auf meiner Sophos haben. Sie hat…

Hi, im have added default Sophos CA to Trusted Root Certification Authorities on my pc, also in firefox and still getting Unsecure connection error in Firefox (tested with 3 web browsers)... Do i need to generate locally-signed certificate with public…

Just for someone else with the same problem, I had a ticket with Sophos (for months just to get this answer...) because I didn't get this one working: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates…

Good morning! Having a hard time installing the client portal cert onto an iPad, I suspect it's because the self-signed cert I am using has expired (though it still works on devices that have already downloaded it). Task is to renew a cert in Certificates…

Hi Sophos, We currently use the SSL VPN for our remote user base, but as the included SSL certificate expires somewhat regularly we have to reinstall the local client. Whilst not the end of the world, it's an inconvenience when we have a significant…

Hello, I am new to the Sophos community. I am starting with Sophos XG Firewall. I have a Sophos XG86 that was working fine with a SSL VPN site-to-site connection in version 18.0.5MR5 to a remote site. I upgraded the remote site to SFOS 19.0.0.0 GA (Sophos…

Hallo zusammen, gestern habe ich das Upgrade von SFOS 18.5.2 -> SFOS 19.0.0 GA-Build317 durchgeführt. Seitdem kommen bei Outlook (2019) immer die Zertifikatsmeldungen bei erstmaligem Abfragen der E-Mail Konten (IMAP+POP) Ich habe geschaut, das SSL…

Captive portal in version SFOS 19.0.0 GA-Build31 is not using specified certificate as admin portal. Captive portal is using SOPHOS cert which is not correct in my setup. See below images. Have tried fresh re-install, upgrade removing and re-adding…

So we have 2 firewalls at different locations and we want to implement SSL/TLS inspection. Instead to installing 2 certificates we would like to use 1 for both firewalls. Is that something that is possible?

We purchased a bunch of XGS 136, reimaged them with MR2 and now upgraded them too MR3. Now I noticed that the default CA on all machines looks like this: This results in the default ApplianceCertificate to be issued by the Default CA looking…