Sophos UTM 9.5 SSL VPN, SSL certificate can't be selected

Hi Marcel,

Go to:

Webserver Protection / Certificate Management click "New Certificate" then choose Method Upload to upload your PKCS.

Next you should be able to go to Remote Access/SSL/Advanced - here you can choose the "Server Certificate"

Is that what you are doing and the Certificate is not diplayed in the drop down menu?

Regards

Jason

Hi Jason,

I did the same not in Webserver Protection -> Certificate Management, but in VPN -> Certificate Management. In the Webserver Protection -> Certificate Management, my certificate is displayed also (I think its the same just another way to reach it), but its still not displayed in the drop down menu.

Regards

Marcel

Hi Marcel,

This is strange i testet it for myself just now and it is working.

I´ve had some similar problems in mail encryption and the cause was the Firmware so lets just quickly compare our Firmware Version

mine is 9.510-5 are you maybe on an older Version?

What happens if you manualy create a certificate just something random just to check if its a display error or something else.

Regards

Jason

Hi Jason,

we both got the same version.

I created i test cert. with vpn id methode hostname called vpn.company.de and it shows up in vpn->ssl->advanced.

Regards

Marcel Cepok

Hi Jason,

we both got the same version.

I created i test cert. with vpn id methode hostname called vpn.company.de and it shows up in vpn->ssl->advanced.

Regards

Marcel Cepok

Hi Marcel,

The only Problem i know of similar to this was a user having the issue with an XG Firewall.

The Solution to the Problem was that he could not see certificates which havent been created with a CSR.

You might be able to create a CSR with this instruction: https://community.sophos.com/kb/en-us/115976

Once the CSR is done you can copy the CSR Request to your CA. I can not assure you that this will work but as i said

the other user who had this problem did it and then was able to see the certificate.

Regards

Jason

Hi Marcel,

do you use a wildcard certificate?

This certificates are not supported on the remote access tab.

Best Regards
DKKDG

Hi DKKDG,

I am trying to use a multi-domain-certificate, does that work, or is that not supported as well?

Best Regards

Marcel

Hey Marcel,

Wildcard certificates can be used with the following in UTM 9:

• Webserver Protection
• TLS Encryption
• Webadmin
• Userportal

 You can use SAN Certificates tho i just checked that.

Regards

Jason

Hello Jason,

I just ordered a 30 day trial ssl single-cert but I still can't select it, even if it's green, but in the WebAdmin-Tab it can be selected.

Hi Marcel,

please send me the website where you created your 30 day trial ssl certificate.

i will create one for myself and import it to see what happens.

You can PM me with that information or post the link here.

Regards

Jason

Hello Jason,

it's this site: https://www.psw-group.de/ssl-zertifikate/einzel-ssl-zertifikate/ , but I don't know if they've got an english site. I've ordered a Comodo Lite Certificate.

EDIT: I think I've found the problem myself: PSW offers a special service for ssl certificates, orders for ssl-certificates automatically include www.fqdn.* or fqdn.* if the wanted fqdn is www.fqdn.* . I am not quite sure if that's is the problem, but I think so. I hope my explanation isn't very bad.

Naja Marcel, der Jason spricht auch Deutsch also wird er damit keine Probleme hab'n. ;-)

MfG - Bob

Korrekt, ich bin auch deutsch, ich schaue mir das mal an. PSW Gruppe kenne ich sehr gut.