Sophos Web Appliance - HTTPS Scanning, Third Party Certificate

Hello MoreCowbell,
 

You can upload a certificate for https scanning, but it needs to be a Certificate Authority (signing certificate).  You won't be able to buy one online I'm afraid - becoming an intermediate CA is a pretty complex and expensive process.

So to use the feature you have to generate your own root CA, which will still need to be added to the browser manually.  This is mainly useful if you already have your own CA trusted in the web browser.  Otherwise, there isn't much benefit over using the default CA on the appliance.

Fortunately, you can push out the web appliance CA (or your own CA) via group policy to make things easier:

http://www.sophos.com/en-us/support/knowledgebase/42153.aspx

Hope this clears things up.

Petr

Hello MoreCowbell,
 

You can upload a certificate for https scanning, but it needs to be a Certificate Authority (signing certificate).  You won't be able to buy one online I'm afraid - becoming an intermediate CA is a pretty complex and expensive process.

So to use the feature you have to generate your own root CA, which will still need to be added to the browser manually.  This is mainly useful if you already have your own CA trusted in the web browser.  Otherwise, there isn't much benefit over using the default CA on the appliance.

Fortunately, you can push out the web appliance CA (or your own CA) via group policy to make things easier:

http://www.sophos.com/en-us/support/knowledgebase/42153.aspx

Hope this clears things up.

Petr