Best practices with HTTPS certificates

I have Exchange, web servers, and other applications like Jabber all published through the WAF.  On each application, I have to configure an SSL certificate, then export it, and import it into Sophos to use on the Virtual Webserver.  There are two certificates for every application.  It's a tedious, slow process to configure each site, and maintain them as they come up for renewal.

My question is, is there a better way, or is this the only way to do it? It seems like in a perfect world Sophos would have the certificate on it, then would pass authentication in the backend to the web servers and Exchange servers, with no cert needed on the backend. But I haven't seen any docs or talk about this, or whether it would break finicky applications like Exchange. I can't go playing around with it much or I'll kick active users off.

So, what do you all do?



This thread was automatically locked due to age.
  • This function is called SSL offloading and is supported by Sophos UTM. Your Real Webserver is configured with port 80 and your Virtual Webserver is configured with port 443 and a valid certificate (which you only have to import on the UTM). Whether this works or not depends on the application you're hosting on your Real Server.

    There are some disadvantages if you want to access your applications internally, because you have to use http:// instead of the external https://.

    Please send me Spam gueselkuebel@sg-utm.also-solutions.ch
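
The reply above says that whether offloading works depends on the application. As an added example (not part of the original post), this check looks at response headers fetched through the HTTPS virtual server for two common signs that a backend now served over port 80 is building responses for plaintext: absolute redirects back to http:// and session cookies without the Secure attribute. The host name, paths and header samples are constructed for illustration.

```python
from urllib.parse import urlsplit


def audit_offloaded_response(public_host, headers):
    """Return findings for one response fetched via https://public_host/.

    headers: list of (name, value) tuples exactly as the client received them.
    """
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "location":
            target = urlsplit(value)
            # The backend built an absolute URL from the scheme it saw (http),
            # so the client is sent from HTTPS back to plaintext.
            if target.scheme == "http" and target.hostname == public_host.lower():
                findings.append(f"redirect downgrades to plaintext: {value}")
        elif lname == "set-cookie":
            # Attributes follow the first ';' and are case-insensitive.
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                cookie_name = value.split("=", 1)[0].strip()
                findings.append(f"cookie without Secure flag: {cookie_name}")
    return findings


# Constructed samples: a backend unaware of the offloading, and a corrected one.
SAMPLE_BROKEN = [
    ("Location", "http://mail.example.com/app/login"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
]
SAMPLE_OK = [
    ("Location", "https://mail.example.com/app/login"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; Secure"),
]
SAMPLE_RELATIVE = [("Location", "/app/login")]  # relative redirects keep the scheme

if __name__ == "__main__":
    for label, sample in (("broken", SAMPLE_BROKEN), ("ok", SAMPLE_OK)):
        print(label, audit_offloaded_response("mail.example.com", sample))
```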
