Best practices with https certificates

Question

I have Exchange, web servers, and other applications like Jabber all published through the WAF. On each application, I have to configure an SSL certificate, then export it, and import it into Sophos to use on the Virtual Webserver. There are two certificates for every application. It's a tedious, slow process to configure each site, and maintain them as they come up for renewal. 
 My question is, is there a better way, or is this the only way to do it? It seems like in a perfect world Sophos would have the certificate on it, then would pass authentication in the backend to the webservers and exchange servers, with no cert needed on the backend. But I haven't seen any docs or talk about this, or if it would break finicky applications like Exchange. I can't go playing around with it much or I'll kick active users off. 
 So, what do you all do?

HuberChristian · Accepted Answer

This function is called SSL Offloading and is supported by Sophos UTM. Your Real Webserver is configured with Port 80 and your Virtual Webserver is Configured with Port 443 and a valid Certificate (Which you have to import only on the UTM). Whether this works or not, is depending on your application you're hosting on your Real Server. 
 There are some disadvantages if you want to internally access to your applications, because you have to use http:// instead of external https://.