
Upload certificates automatically

Hi everyone,

Can anyone tell me if there is a way to upload certificates and update the rules that use them automatically?

The scenario is this: I have an on-prem Exchange server on which I want to install a Let's Encrypt certificate that auto-renews. I need to get that certificate onto UTM and update the required rules so that they use the new certificate automatically.

Is there a way to do this?

Thanks in advance...



  • I imagine one could do this with RESTful API.  Unless this is a question related to WAF, why do you need the cert in your UTM?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Essentially I have publishing rules set up for Exchange to protect the Exchange server - these require the cert to be both on UTM and Exchange (unless I'm mistaken)...

  • Why not just use HTTP between the UTM and Exchange?  That way, you only need the cert on the UTM.  There's no additional protection for Exchange by having its UTM conversations be encrypted if you're going through WAF to reach it.

    Cheers - Bob

     
  • Hi Bob,

    Sorry - I'm a bit confused by that statement.  I've always understood that if you wish to access Exchange using Outlook from the web, Exchange had to have an external URL set to an HTTPS URL, which is then used by the Outlook client automatically (hence the requirement to have a publishing rule on UTM which uses the same certificate) - it's essentially the same way that TMG used to publish it... (this is Exchange 2013, by the way...)

  • Yes, Shaun, but Outlook can do an HTTPS conversation with UTM WAF and (I could be wrong) I didn't think that Exchange needed to communicate with a local client using HTTPS.  If you find that my suggestion can't be used, please let us know here.

    Cheers - Bob

     