
I was told to import a file.txt to the root of my Sophos UTM to verify a Certificate that I just bought

A very good day to you Sir,

 

I hope you all are Doing Great Sirs !!!

 

So I went over to - www.ssls.com and bought a Cert for my Sophos UTM 9.4 Firewall

 

I had to do this because every time I switch on my IPS to decrypt HTTPS traffic, my antivirus keeps on giving me the - Certificate Chain Incomplete Message on every website I surf to

 

So I generated a CSR file from within my Sophos UTM and uploaded it into SSLS.com

For this, I used all Factitious domain and host names as I do not need a real - domain or a host name or a DNS server

I just need to put the certificate into my personal home Sophos UTM Firewall - and there is no need for a real domain or a host name or a DNS server

 

After everything is done I ended up with a file that is something like - CA52D4130FASCV32CSBSACAEXCES23C.txt

In the ABOVE .txt file is Text that reads something like - CA52D4130FASCV32CSBSACAEXCES23Ccomodoca.com

 

So I was told to import this file and put it into the / or root folder of my Sophos UTM Firewall

 

I have done all of the above, but the final part is to have my registered domain name in the CSR file be DNS resolvable ... 

 

This part I am having some problems with as I do not own a Domain and do not have access to a DNS Server

 

The Firewall is using DynDns.Org but I am not able to do a WebHop URL Re-Direction or anything like a CName on it

 

In order that the domain name from the CSR file is resolvable on the internet, I have to have Registered and Owned that domain in the first place

 

I was told that the above has to be done so that when they can resolve my domain name they will activate the Certificate ... 

 

I was told that the other way to activate the Certificate is to have an email address from the CSR file registration to verify the Certificate

 

But since I use all Factitious domain names, I do not have access to this email as well ...

 

So I am at a loss on how I can put the Certificate into my Sophos UTM and Activate it too ...

 

Using - Self Signed Certificate is not working as it too will make my antivirus keep giving the - Certificate Incomplete Chain - Error Message

 

Can someone please kindly tell me how I am supposed to solve this - Certificate Incomplete Chain issue ?

 

Thank you very much for your time and kind help.

 

Kind Regards to Everyone !!!

 

 

 

 

 

 



  • I'm afraid I didn't follow your explanation well enough to recommend how to fix your problem, but I'll make a guess: You used a fake FQDN in the CSR, so your cert has that.  Rename your UTM to have a host name of the FQDN (use the trick recommended in The Zeroeth Rule in Rulz) and then create a Host definition as follows:

    If that doesn't resolve your problem, then you are missing certificates and proper importing of that and the two Comodo CAs.

    I wonder if, instead of buying a cert, you just needed to go to the 'HTTPS CAs' tab in 'Web Protection >> Filtering Options' to download the UTM's signing CA into your PC.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • A very good day to you Sir,

    I hope you are doing Great Sir,

     

    May I please kindly ask - how do I make my "fake FQDN" fully DNS resolvable on the internet ?

     

    This is one of the criteria that I have to have in order that my Certs that I bought from Comodo will Activate online ... 

     

    Hope to hear from you soon.

     

    Thank you very much for your time and kind help !!!

     

    Kind Regards

  • May I please kindly ask - how do I make my "fake FQDN" fully DNS resolvable on the internet ?

    The only solution is to register the domain name.  For example if the fake FQDN were secure.domain.com, you would need to register domain.com.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA