This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to create CSR and install a Digicert SSL certificate for Webadmin portal?

Hi, 

I am running UTM 9.352-6. I'd like to install a Digicert SSL certificate to use when connecting to the UTM webadmin portal. Can someone please provide me some guidance on how to create the CSR for the certificate and later installing the certificate on UTM. 

Thanks for anyone's help!



This thread was automatically locked due to age.
Parents
  • I was able to use a DigiCert cert without the use of OpenSSL.

    I did this process a while ago, so the following is from memory and may have a few missteps as I last did this as a renewal not from scratch.

    Also, there are likely different ways to get to the same places in the Sophos menu. I write the way I know to get to the options, your mileage may vary.

    • Open the DigiCert Certificate Utility for windows
    • If you are renewing a cert,  find it and highlight it.
    • Click on the Create CSR link in the uppper right area
    • If you are renewing, allow it to import the attributes
    • Generate the CSR
    • On the DigiCert site, login and click on the Request Cert tab
    • Paste the CSR in the box
    • Choose OTHER for the Server Platform
    • Fill in the other boxes with values appropriate for your company and the duration of the cert.
    • Submit the request
    • When you receive the certificate, save it to your pc and unzip as necessary
    • from within the DigiCert Certificate Utility, click on the Import link
    • Import the key (just the key for your router, not the included Digicert CA keys) and verify it's in the list
    • Once the key is listed in the DigiCert utility, select the key from the list, and choose Export Certificate
    • Choose to export the private key as a pfx file and check the box to include all certs in the path
    • Choose a complex password for the key and remember it
    • Open the Sophos web admin site
    • Click on the Webserver Protection / Certificate Management menus
    • Click on + New Certificate
    • Name the certificate something meaningful like WebAdmin site.
    • Change method to: Upload
    • Set file type to PKCS#12
    • Browse for the file you exported.
    • Enter the password you choose when exporting it.
    • Click on Save
    • Click on the Management / WebAdmin Settings menus
    • Click on the HTTPS Certificate tab
    • Pick the certificate from the drop down list of certificates and click on Apply

    If you are doing this for the first time, you may also need to import the DigiCert CA certificates that came with your key in the zip file. If memory serves me right, you would do that in WebServer Protection / Certificate Management / Certificate Authorities

     

  • Thanks, Larry - an excellent contribution that will help the great majority of admins much better than my suggestion above!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA

  • Hi Bob,

    I downloaded the certs from DigiCert in one .pem files that contains all the certificates. However upon checking with DigiCert - it gives me the error "

    The server is not sending the required intermediate certificate." Any thoughts on this?

Reply Children
  • Hi KM and welcome to the UTM Community!

    Only that there's an intermediate certificate missing.  What does "checking with DigiCert" mean?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA