How to create CSR and install a Digicert SSL certificate for Webadmin portal?

Question

Hi, 
 I am running UTM 9.352-6. I'd like to install a Digicert SSL certificate to use when connecting to the UTM webadmin portal. Can someone please provide me some guidance on how to create the CSR for the certificate and later installing the certificate on UTM. 
 Thanks for anyone's help!

LarryWarrington · Accepted Answer

I was able to use a DigiCert cert without the use of OpenSSL. 
 I did this process a while ago, so the following is from memory and may have a few missteps as I last did this as a renewal not from scratch. 
 Also, there are likely different ways to get to the same places in the Sophos menu. I write the way I know to get to the options, your mileage may vary. 
 
 Open the DigiCert Certificate Utility for windows 
 If you are renewing a cert, find it and highlight it. 
 Click on the Create CSR link in the uppper right area 
 If you are renewing, allow it to import the attributes 
 Generate the CSR 
 On the DigiCert site, login and click on the Request Cert tab 
 Paste the CSR in the box 
 Choose OTHER for the Server Platform 
 Fill in the other boxes with values appropriate for your company and the duration of the cert. 
 Submit the request 
 When you receive the certificate, save it to your pc and unzip as necessary 
 from within the DigiCert Certificate Utility, click on the Import link 
 Import the key (just the key for your router, not the included Digicert CA keys) and verify it's in the list 
 Once the key is listed in the DigiCert utility, select the key from the list, and choose Export Certificate 
 Choose to export the private key as a pfx file and check the box to include all certs in the path 
 Choose a complex password for the key and remember it 
 Open the Sophos web admin site 
 Click on the Webserver Protection / Certificate Management menus 
 Click on + New Certificate 
 Name the certificate something meaningful like WebAdmin site. 
 Change method to: Upload 
 Set file type to PKCS#12 
 Browse for the file you exported. 
 Enter the password you choose when exporting it. 
 Click on Save 
 Click on the Management / WebAdmin Settings menus 
 Click on the HTTPS Certificate tab 
 Pick the certificate from the drop down list of certificates and click on Apply 
 
 If you are doing this for the first time, you may also need to import the DigiCert CA certificates that came with your key in the zip file. If memory serves me right, you would do that in WebServer Protection / Certificate Management / Certificate Authorities

computersupport · Answer

This is an old post but I wanted to reply that I was able to figure it out. As of today, 11/01/2016, Digicert still does not provide PKCS#12 certificates. So hopefully, it helps anyone out there that uses Digicert and has an UTM 9.

I followed the firsts steps that BAlfson suggests, create a private key and a csr using openSSL.

Then I submitted the csr to Digicert and downloaded the individual .crt files (it 3 files in total for me) and combining them with BAlfson's cmdlets except without the <private key file name>.key. Like so:

cat cert1.crt cert2.crt cert3.crt > combined.crt

You can only run the above command on a Linux machine., by the way. I have a Windows workstation, had to look for Linux machine to run this.

After, I ran the following:

openssl pkcs12 -export -in <combined crt>.crt -inkey <private key file name>.key -out <your new cert>.p12

After you hit Enter on the above command, you will be asked to enter your private key's password and then create an export password. You will need to enter the export password on the UTM when you upload the .p12 certificate.

I hope this helps! And thanks BAlfson for your guidance!