This discussion has been locked.

Imported certificates not listing in Business Application Rule (BAR)

I recently performed a factory reset on my XG 85 to resolve an issue with the WAF service causing the BAR firewall rules to hang.  Now when I create a new BAR (Exchange General specifically), the certificates that I imported do not appear in the HTTPS Certificate dropdown as seen in the image below.  The certificates are listing as authoritative since I imported my CA as well.  What am I missing?



  • Just to be sure. You uploaded both certificates with private key?

    And you want to host the WAF on a bridge?

  • I imported the .DER certificates without private keys.  My Webmail cert is a GoDaddy cert and the other was created with my internal CA.  The GoDaddy trusted root was imported as well as my CA trusted root cert under the Certificate Authorities tab.

    The local cert is intended to replace the application certificate so I don't get the certificate error when I log into the Sophos Firewall on my local network.  The Webmail cert is intended for the Exchange General Business Application Rule.  My Exchange Server is internal and will be public facing.

  • I think I have this figured out.  Since I didn't have the private key available to include on the certificate import, I went to my Exchange Server and used the IIS Manager to export the certificate to include the private key in a .PFX file.  I was able to import this one and it became available in the Exchange General Business Application Rule.

    The next cert was for the XG Firewall to avoid the cert errors each time I log into it.  When I created a CSR from the Sophos Add Certificates page, submitted it to my internal CA and then completed the process with the downloaded cert, the BAR would freeze up again as soon as I clicked on the BAR templates.  I removed the new cert and then imported it with the XG's private key instead and then the BAR started working as expected and I was able to use the certificates.
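
An added example (not from the thread or from Sophos): a pre-import check, following the fix described above, that tells a certificate-only file such as a bare .DER apart from one that carries key material such as a .PFX. It looks only at the outer ASN.1 shape and PEM labels; the function names and the sample byte strings are constructed for illustration.

```python
import base64
import re
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos=0):  # one DER tag-length-value -> (tag, value, next_pos)
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length: low 7 bits give the byte count
        n = first & 0x7F
        first = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + first], pos + first

def classify_der(der):
    """Classify by outer ASN.1 shape only; nothing is cryptographically verified."""
    try:
        tag, body, _ = _tlv(der)
        kids, pos = [], 0
        while pos < len(body):
            t, v, pos = _tlv(body, pos)
            kids.append((t, v))
    except IndexError:
        return "unknown"
    tags = [t for t, _ in kids]
    if tag != 0x30 or not kids:
        return "unknown"
    if kids[0] == (0x02, b"\x03"):
        return "pkcs12"            # PFX version 3; the usual cert-plus-key bundle
    if kids[0] == (0x02, b"\x00") and tags[1:3] == [0x30, 0x04]:
        return "private-key"       # unencrypted PKCS#8 PrivateKeyInfo
    if tags == [0x30, 0x30, 0x03] and kids[0][1][:1] == b"\xa0":
        return "certificate-only"  # v3 X.509: tbsCertificate, sigAlg, signature
    return "unknown"

def classify(data):
    """Return the kinds of objects found in a PEM or DER file's bytes."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return {classify_der(data)}
    return {"private-key" if label.endswith(b"PRIVATE KEY")
            else classify_der(base64.b64decode(body)) for label, body in blocks}

def has_key_material(data):
    """True if the file holds a PKCS#12 bundle or a certificate plus a key."""
    kinds = classify(data)
    return "pkcs12" in kinds or {"certificate-only", "private-key"} <= kinds

# Constructed structural skeletons, not real certificates or keys.
SAMPLE_CERT_DER = bytes.fromhex("300c3005a0030201023000030100")
SAMPLE_PFX = bytes.fromhex("300702010330003000")
```

A PKCS#12 result means the container format is right; whether the bundle actually includes the key still depends on how it was exported.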
