
SSL Certificate for XG email MTA mode

Hi, 

I would like to get some clarity on how to implement MTA mode on XG Firewall.

Currently I have a UTM firewall with port forwarding to an internal Exchange 2016 server with a third party SSL certificate already installed.

I want to install the XG firewall with MTA mode.

1. Do I install the SAME SSL cert on the XG? The Exchange cert has a .cer extension, but the XG requires a .pem extension. Can I convert?

2. Do I get a NEW SSL cert for the XG? If so, what happens to the existing cert on the Exchange server? Leave it there or remove it?

Thanks.



  • Use the same certificate
     
    If your certificate is installed on Windows (Exchange, IIS …):
    Open MMC and add Certificates (Machine).
    Export the certificate (tick the boxes for the complete certificate chain and the private key) in PFX format.
    Record the password; you need it later.
    Convert it to PEM with OpenSSL.
     
    Open the PEM with a text editor and move the key to a new .key file, leaving the rest of the certificates intact.
     
    Your PEM certificate now contains the whole certificate chain, and the .key file contains your private key.
     
    Import the certificate in Sophos (PEM + key + password) and use it for SMTP SSL.
     
    Et voilà!
  • PS:

    Sophos XG does not send the complete certificate chain (I opened a support case).

    If you import the root CA, intermediate CA and your certificate separately, the XG is not trusted by others.

    Some mail servers, like Gmail, now need trusted public certificates.

    If you install it like that, you are going to have issues with some mail servers.

    So use my method so that does not happen.
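The export, convert and split steps from the answer above, written out as an added shell example (not code from the thread or from Sophos); it assumes OpenSSL is installed, builds its own throwaway root/intermediate/server chain as constructed sample input in place of a real Exchange export, and adds the two checks worth running before the XG import: that the PEM really carries the whole chain and that the key belongs to the server certificate.

```shell
#!/bin/sh
# Added example, not from the thread: the export/convert/split steps the answer
# describes, done with OpenSSL, plus the checks worth running before the XG import.
set -eu
# Split a PFX into chain.pem (leaf first, then intermediates and root, no key) and key.pem.
pfx_to_pem() {                              # args: file.pfx password outdir
  pfx=$1; pass=$2; out=$3
  mkdir -p "$out"
  # -clcerts: the server certificate; -cacerts: the rest of the chain; keep only the
  # PEM blocks so the "Bag Attributes" lines OpenSSL prints do not end up in the file
  { openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -clcerts
    openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -cacerts; } |
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' >"$out/chain.pem"
  # -nocerts: private key only; re-encode it as a clean PKCS#8 key file
  openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes |
    openssl pkey -out "$out/key.pem"
}
# Number of certificates in a PEM bundle; a bare leaf exported without its chain gives 1.
cert_count() { grep -c '^-----BEGIN CERTIFICATE-----' "$1"; }
# Succeeds only if the leaf validates up to a root present in chain.pem and its public
# key matches key.pem, i.e. the bundle is complete and the key belongs to it.
check_bundle() {                            # args: outdir
  out=$1
  openssl x509 -in "$out/chain.pem" -out "$out/leaf.pem"   # x509 reads only the first cert
  openssl verify -CAfile "$out/chain.pem" "$out/leaf.pem" >/dev/null || return 1
  [ "$(openssl x509 -in "$out/leaf.pem" -pubkey -noout)" = \
    "$(openssl pkey -in "$out/key.pem" -pubout)" ]
}
# Constructed sample input: a throwaway root -> intermediate -> mail server chain packed
# into a PFX the way the MMC export does (full chain plus private key, password protected).
make_sample_pfx() {                         # args: workdir ; prints the PFX path
  w=$1; mkdir -p "$w"; printf 'basicConstraints=critical,CA:TRUE\n' >"$w/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Root" \
    -keyout "$w/root.key" -out "$w/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate" \
    -keyout "$w/int.key" -out "$w/int.csr" 2>/dev/null
  openssl x509 -req -in "$w/int.csr" -CA "$w/root.pem" -CAkey "$w/root.key" -CAcreateserial \
    -extfile "$w/ca.ext" -days 30 -out "$w/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
    -keyout "$w/mail.key" -out "$w/mail.csr" 2>/dev/null
  openssl x509 -req -in "$w/mail.csr" -CA "$w/int.pem" -CAkey "$w/int.key" -CAcreateserial \
    -days 30 -out "$w/mail.pem" 2>/dev/null
  cat "$w/int.pem" "$w/root.pem" >"$w/ca.pem"
  openssl pkcs12 -export -inkey "$w/mail.key" -in "$w/mail.pem" -certfile "$w/ca.pem" \
    -passout pass:exportpw -out "$w/mail.pfx"
  echo "$w/mail.pfx"
}
```

With a real export, replace the constructed PFX with the one from MMC and its export password; chain.pem and key.pem are then the two files the XG import form asks for.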
