This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to create diffrent SSL-VPN profiles with diffrent security certificates?

Hi,

We currently have a  SSL-VPN profile for remote access with predefined certificates from Sophos.But I dont understand the way the certificates work in them.

Is it possible to generate different security certificate for different VPN profile?

 

Thanks,

innov



This thread was automatically locked due to age.
Parents
  • All of the VPN certificates are issued by the UTM VPN root.  A user certificate is generated for each authorized user and is part of the local user object.

    During setup, the client code and the user certificate are installed on the laptop.   At login, UTM verifies the username, password, certificate and (if required, as I would recommend) OTP code.

    It is 3way verification.  What problem were you trying to solve?

  • This is what I am assigned to do:

    1. I need to create a user certificate which will expire after 10 day.
    2. Another user certificate with more secure algorithm  that will expire after a month. 
  • User Ster Linga has found a creative solution to this.   Create a firewall block-all rule that takes effect on the desired date.   Use the SSL-VPN user as the source address for the rule.

    https://community.sophos.com/products/unified-threat-management/f/general-discussion/95832/single-time-event

  • This is helpful thankyou I have another question maybe its stupid but I cant get it please help:

    I downloaded ssl-vpn.exe package from the user portal and when I installed it there are

    • ssl-vpn config file
    • .ca security certificate 
    • .user certificate
    • .user.key certificate.

    But when I create a new user and download the .exe package from the new user portal  I just get the ssl-vpn config file but no certificates are included in this.

    What am I missing.

    Also can I upload a self singed certificate from openssl and use it for a particular user?

  • Hi, first post we've seen from you here - welcome to the UTM Community!

    One of the unwritten rules here is "one topic per thread" - that's to make it easier for future members to find an answer to their question without starting a new thread that's already been answered.  Please ask your second question in another thread with an appropriate title.

    It's not practical to "upload a self singed certificate from openssl and use it for a particular user."

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi, first post we've seen from you here - welcome to the UTM Community!

    One of the unwritten rules here is "one topic per thread" - that's to make it easier for future members to find an answer to their question without starting a new thread that's already been answered.  Please ask your second question in another thread with an appropriate title.

    It's not practical to "upload a self singed certificate from openssl and use it for a particular user."

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data