Export private key from Sophos XG

Hello,

I've been using the Sophos XG for a number of years with an SSL certificate that I use for the Admin portal, etc. I use a wildcard certificate that I purchase so that I can use it on some other servers as well. Today, I purchased a new wildcard certificate to use on my Sophos XG box, and other servers.

  1. I generated the CSR in Sophos.
  2. Exported the CSR to secure a copy.
  3. Pasted the CSR to my Certificate provider.
  4. Was provided with a certificate in a number of different formats. 
  5. Used the 'import' icon on the previously created CSR to add the new SSL certificate.
  6. Changed the Admin settings to use the new certificate.

Everything went flawlessly.

Then, I went to add the same wildcard SSL certificate to my TrueNAS system. Pasted in the Public key of the certificate, then went back to Sophos XG to grab the private key... WTF, I can't find it. I did this last year without issue.

Where is Sophos now hiding my private key, and how do I export it? 



This thread was automatically locked due to age.
  • Hello,

    Since the MR2 firmware, it's no longer possible to download the private key from the CSR generator, so I used an external openssl to generate a new CSR and my private key.

    Version 18.5 MR2

    Certificates

    • Removed the ability to download private keys for CSRs and uploaded certificates. So, you can't use CSRs and private keys generated on Sophos Firewall for external systems. You need to use other methods, such as tools built into operating systems.
    • Shown useful information about the different types of certificate authorities.
    • Made it easy to find locally-added certificates and certificates with private keys.
    • Made it easy to copy or download a certificate's public key to check and confirm.
  • Thanks for the reply, Gregory. I should read those maintenance release notes with more care. Although, it does seem like quite the feature to pull in a maintenance release. Regardless, I did find the fix.

    Turns out that the export feature under Admin settings will provide the private key, Yay!

  • To clarify, I was able to export the private key by going to...

    Sophos XG (version 18.5.2 MR-2-Build380)

    System -> Backup & firmware -> Import export -> Export (Export full configuration)

    This provided me with the private key that corresponded with the certificate I purchased after creating the CSR on the Sophos XG. So, after this export I had the public certificate, the CSR, and the private key. This was everything I needed to add the wildcard certificate to my TrueNAS server.
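
Added example (not part of the original posts or of Sophos documentation): the off-box route mentioned in the first reply, generating the wildcard key and CSR with openssl, plus a check that a private key, such as one taken from the configuration export in the last post, belongs to the issued certificate. The domain `example.test`, the file names and the function names are assumptions, and the self-signed certificate is a constructed stand-in for the CA-issued one.

```shell
#!/bin/sh
# Added example. Needs OpenSSL 1.1.1+ (-addext). example.test is a placeholder.
set -eu

# Create a private key and wildcard CSR for base domain $1 in directory $2.
# Runs in a subshell so the restrictive umask does not leak to the caller.
gen_wildcard_csr() (
  umask 077   # key file readable by its owner only
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$2/wildcard.key" -out "$2/wildcard.csr" \
    -subj "/CN=*.$1" -addext "subjectAltName=DNS:*.$1,DNS:$1"
)

# Hash the public key read as PEM on stdin. Fails, printing nothing, when the
# input is not a key, so two unreadable files can never compare as equal.
_pub_hash() (
  pem=$(openssl pkey -pubin 2>/dev/null) || exit 1
  printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
)
key_pub_hash()  { openssl pkey -in "$1" -pubout | _pub_hash; }
csr_pub_hash()  { openssl req  -in "$1" -noout -pubkey | _pub_hash; }
cert_pub_hash() { openssl x509 -in "$1" -noout -pubkey | _pub_hash; }

# Succeed only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() (
  k=$(key_pub_hash "$1") || exit 1
  c=$(cert_pub_hash "$2") || exit 1
  [ "$k" = "$c" ]
)

# Demo on constructed data in a throwaway directory.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
gen_wildcard_csr example.test "$work"
# Stand-in for the CA step: self-sign the CSR so there is a certificate to check.
openssl x509 -req -in "$work/wildcard.csr" -signkey "$work/wildcard.key" \
  -days 1 -out "$work/wildcard.crt"
if key_matches_cert "$work/wildcard.key" "$work/wildcard.crt"; then
  echo "private key matches certificate"
fi
```

Because the full configuration export described above contains the private key, store and transfer that export with the same care as the key file itself.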
