
Certificate Question

I have 2 XGs configured in an active/standby HA (failover) configuration.  I am enabling HTTPS scanning.  Do network hosts require two certificates--one from the main XG and another from the secondary (standby) XG?  Or will the cert from the main XG work for both?  In other words, in a failover event where the secondary XG takes over, will a host with only the cert from the main XG still be able to access https sites, or does it need a cert from both XGs?  Thanks.



  • You only need to import 1 (2) CA.

    One for HTTPS Decryption.

    One for the Default Certificate (most likely block pages etc.).

    But both certificates will be shared between the HA.

    Actually, you can generate a CA by yourself in Windows Server and upload it to a couple of XGs to use them there.

  • Thank you LuCar.  I'm not sure I follow... The directions in this article only mention the need for a single certificate that you download from the XG: https://community.sophos.com/kb/en-us/123048  I downloaded this certificate already and pushed it out with group policy.  Without the cert I couldn't access https sites (when https scanning was enabled) but with the cert I could.  

    But you're saying I need two certs?  Where do these come from?  I've never done this before.  Thanks!