Steps to deploy a certificate for User Portal

We've recently purchased an official wildcard certificate for our domain at DigiCert.
They actually do not provide a PKCS#12 File for download.

It's possible to create a copy of this certificate but I have to provide a certificate request .req file - then I receive a certificate as .cer file. This works well on MS Windows platforms in server applications like Exchange or IIS.

What I want to achieve is to have a valid+official certificate when users connect to the UserPortal. The WebAdmin should also use this certificate.

It seems the Sophos certificate system works completely differently and I'm not sure where to start. I'm also not highly experienced in handling certificate deployment.

Can you give me a hint?



  • I'm sure you can find instructions on converting a .cer file to a .crt file.  I found it easier to do the following with OpenSSL for Windows.  The input.key is the private key from when you did your CSR.

    Convert a .crt to a pkcs#12:

    First, convert the certificate from .crt to PEM:

    openssl x509 -in input.crt -inform DER -out output.crt -outform PEM

    Next, use the openssl command to read the PEM encoded certificate(s) and key and export to a single PKCS#12 file as follows:

    openssl pkcs12 -export -in output.crt -inkey input.key -out bundle.p12

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
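
The conversion described in the reply above, as an added example that is not part of the original post: it accepts a DER or PEM certificate, refuses to build the bundle when the private key does not belong to the certificate, and reads the export password from the environment instead of the command line. The function names, file names and the `P12_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example: bundle a CA-issued certificate with the private key from the CSR.
# Function names, file names and P12_PASS are assumptions for illustration.

# to_pem CERT OUT: write CERT as PEM, accepting PEM or DER (.cer) input.
to_pem() {
    openssl x509 -in "$1" -inform PEM -out "$2" -outform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -out "$2" -outform PEM 2>/dev/null
}

# key_matches CERT_PEM KEY: succeed only if both carry the same public key.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_p12 CERT KEY OUT: build OUT, protected by the password in $P12_PASS.
# The password comes from the environment so it never shows up in the process list.
make_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "set P12_PASS first" >&2; return 2; }
    pem=$(mktemp) || return 1
    if ! to_pem "$1" "$pem"; then
        echo "cannot read certificate: $1" >&2; rm -f "$pem"; return 3
    fi
    if ! key_matches "$pem" "$2"; then
        echo "private key does not match certificate" >&2; rm -f "$pem"; return 4
    fi
    rc=0
    ( umask 077   # the bundle contains the private key: owner-only permissions
      openssl pkcs12 -export -in "$pem" -inkey "$2" -out "$3" \
          -passout env:P12_PASS ) || rc=$?
    rm -f "$pem"
    return $rc
}
```

Typical use: `P12_PASS=... make_p12 input.cer input.key bundle.p12`; exit status 4 means the key on disk is not the one the CSR was generated from.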
  • We use Digicert and we have their certs on our UTM. Log into Digicert and you will find they have some free tools. Convert it to .pfx (as Bob says) and then import it. It's a straightforward process.

  • Thank you for the hint. That sounds promising. I actually tried to ask them about conversion tools on their live chat but there are always so many people in the queue so I gave up twice already.

  • I finally found an easy solution for creating a .pfx certificate that is accepted for upload on the Sophos UTM9. Since the wildcard certificate was initially created for our Exchange server, it was possible to export it from there and give it a password.

    This article describes how to export the certificate from the server in PKCS #12 format (.pfx file)

    https://technet.microsoft.com/en-us/library/cc771848(v=ws.10).aspx

    After that I just added/uploaded it on the Sophos firewall at Webserver Protection -> Certificate Management and then selected it for WebAdmin on the HTTPS tab.