How to upgrade wildcard certificates on a Virtual Web Server?

We use wildcard certificates with most of our websites. It has been tedious with Sophos since it tries to be helpful and pulls the domain names from the cert and uses them as the default. We need more granular control of the domain on our virtual webservers, so I delete the defaults and enter the domains I am publishing. The problem is that there is a bug in the Virtual Webserver form that if you expand the "Advanced" option after entering the custom domains, Sophos deletes all custom entries and reverts to the default wildcard domains. Tedious when you forget to expand "Advanced" first.

Anyways, now my wildcard is expiring and I need to upgrade the certificate. I uploaded the new certificate, went to the virtual webserver, selected it and all of my custom domains were once again deleted in favor of the defaults. Luckily I noticed and didn't click save.

So this is a pain when you have lots of domains and virtual web servers in use. Every time you enter this info, you run the risk of typos. Anyone know of a way to work around this "feature" without having to recreate everything?



This thread was automatically locked due to age.
  • That's a nasty bug, Tim - I hope you've opened a Support ticket and have requested escalation to the developers!

    There may be a command line trick, but you would want Sophos Support to initiate that.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I opened a ticket when I first started using the wildcard to create virtual web servers back in August. I just amended that ticket to include the new scenario. Overall it's a feature that hasn't been fully thought out. If I was using a SAN cert or a single site cert, it would be helpful as it would auto-populate my entries. However, even with a SAN cert I could see that you might have a need for more than one Virtual Web Server object to apply different policies to different aspects of the SANs.

    This is the response I received from support in August this year:

     

    Thank you for this ticket that you created based on the Bug you've found.
    I'll be forwarding this information to our Senior Engineers here so they could open up a Bug ID and would investigate on this issue that you have.

  • Thanks, Tim. Please post the Case # here or PM it to sachinguring along with a link to this thread.

    I think it should be possible to locate the old certificate and CA and simply replace them and other changed information in the relevant REF_s, but I don't know where those might be or if another way would be better.

    Cheers - Bob

     
  • Thank you.

    This is the case number with the details of the issue: 6417084
