Hi Everybody, We are using an enterprise CA for Deploying Certificates to our Clients and the CA ist trusted by the Firewall and everything works. When enabling SSL/TLS Inspection we are facing the Problem, that Microsoft Remote Desktop Client forcefully…

I am trying to update the certificate on my Sophos XG (SFOS 18.5.2 MR-2-Build380). I've created the CSR and when I try to submit it to the CA I'm getting the below error: CSR can not have a passphrase / challenge phrase. Enter a new CSR. I don…

When updating a Cert from year to year. Why does the "Domains" in a waf rule reset to default. This is annoying. If the coverage of the cert is the same it shouldn't reset the field.

Hello, I've been using the Sophos XG for a number of years with an SSL certificate that I use for the Admin portal, etc. I use a wildcard certificate that I purchase so that I can use it on some other servers as well. Today, I purchased a new wildcard…

Hi Community, I have the following Problem: A customer needs an SSL-Certificate renewed, that is only used for XG (Webserver, Userportal, Webadmin). For this i need the private key. A collegue renewed it last year und uploaded it on the Sophos XG…

Hello there, first of all, let me short introduce myself: i am a sophos XG Home User since the weekend. I believe the Sophos XG is a fine solution for every home user. i even would pay for it, even for support. i am using a simple micro-system with…

Hi! I've bought an Alpha SSL wildcard certificate. I've imported it i my XG 125 But when I go to the WAF firewall rules, I don't see it What stem am I missing? I've done it some years ago, but...I can't remember! Thanks!

Good Morning! Dear Sophos Community, Could you help me to understand about an issue, We are following a sophos KB support.sophos.com/.../KB-000041071 Which shows us how to generate the CSR certificate to be sent to the CA for signature, so far so good…

So, 2 years ago a goDaddy SSL cert was added to XG and been used since that date. It is now renewed with goDaddy and downloaded. I tried replacing existing one with new one, but it said a rule/policy was already using it. So I then added the certificate…

Too many cooks and s omething has become messy with certificates on our XG and I need some help to get this sorted. (SFOS 18.0.5 MR-5-Build586) virtual Trying to upload a pfx-certificate generated by our certbot gives the dreaded red X. Mousing over…

I am having troubles with installing certificates in Sophos XG Home. Ultimately, I would prefer to setup and install my own CAs(root and intermediate) and use certificate from my own CAs for the web interfaces and for SSL inspection. I setup the root…

Hi all, we have installed a new xgs firewall and up to now we trying to keep things save and at a high security level. So we also check Certificate Errors. Today we get an error when access a site which i dont understand. Sophos says TLS Cert is invalid…

I get a 404 error when trying to sign in through Azure when we are not on the office domain. When we get redirected to our local adfs sign-in page the Sophos SSL certificate is being used causing a mismatch and the 404 error. The azure login works correctly…

I have followed the steps on this thread https://community.sophos.com/sophos-xg-firewall/f/discussions/130486/certificat-let-s-encrypt-untrust but the certificate is still showing as untrusted and i am unable to select it for the admin/client interface…

Hi folks If create a Lets Encrypt certificate (pfx, fullchain cert) and uploaded it to my freshly installed Sophos XG ( SFOS 18.5.1 MR-1-Build326). The certificate is uploaded but shows up as untrusted (red cross). The chain of the certificate…

Hi threre. With the Firmware update SFOS 18.5.1 MR-1-Build326 we ran into trouble with our LDAP authentication. Our Domain controllers are using Let's Encrypt certificates to allow secure LDAP access (LDAPS). The problem seems to be, that the certificate…

Hi, I recently went through and updated some of my older LetsEncrypt certs and when I imported them they were showing up as Untrusted. The rest I had were still trusted. Unsure as to why, I removed the LetsEncrypt R3 Intermediate and the ISRG Root X1…

Earlier this year I setup VPN on an XG 135 (SFOS 18.0.4 MR-4) and documented the steps. I am trying to follow the same steps on a new XGS 116 (SFOS 18.5.1 MR-1-Build326) but have encountered a difference that I would like to clarify before going further…

Hello: We have a third party certificate from Digicert that we have installed on our Sophos XG210 firewall that will be expiring on 11-08-2021. I need to reissue this certificate via Digicert but I need to add our CSR on the Digicert site to start the…

Hello, We would like to use our own SSL certificate for our Sophos User Portal so users aren't presented with the "Not Secure" warnings when going to the user portal. We have our wildcard SSL imported into the Sophos Firewall. When I went to Administration…

After the latest DST X3 certificate issue. All of my Let's encrypt certificats is not being validated correctly on my Sophos XG. Everything updated to latest version. I've tried to remove the Let's Encrypt R3 certificates. Re-upload the new ones. Followed…

Hello, I have at several computers this next problem. At working computers I can see certificate of remote server with certificate of Sophos but at some other set of cumputers I see this Certification Path : certificate of Sophos CA is…

Hello everyone , I recently updated my let's encrypt certificate. This is considered unreliable by the sophos. While it is valid. I use it in WAF rules and it works well. No message from different browsers. As the certificate is considered invalid…

Please read this article to fix Web Proxy issues that come up today with some LetsEncrypt sites: https://support.sophos.com/support/s/article/KB-000042993?language=en_US Delete the expired CA from the CA store on the XG. Solved our issues. You…

hi, i have XG210 (SFOS 18.5.1 MR-1-Build326), i uploaded a godady certificate on it. i also uploaded the CA and intermediate CA certificate on it. in certificates against this certificate trusted is green tick. but when i want to use it for we administration…