Certificate Question

I have 2 XGs configured in an active/standby HA (failover) configuration.  I am enabling HTTPS scanning.  Do network hosts require two certificates--one from the main XG and another from the secondary (standby) XG?  Or will the cert from the main XG work for both?  In other words, in a failover event where the secondary XG takes over, will a host with only the cert from the main XG still be able to access https sites, or does it need a cert from both XGs?  Thanks.



  • Hmmm.  Now I cannot remember what I did; I would think you could do it either way.  When I think about it, you should be able to set up the cert to have multiple IPs listed under the common name and then use the same hostname for each if you have your DNS set up right.  And/or create a separate cert for each device and load them into the host OS.


    But now I cannot remember what I did lol.  (Not there now) Anyone?

  • Thank you, Badrobot.  Actually, I was following this article https://community.sophos.com/kb/en-us/123048 which said to download SecurityAppliance_SSL_CA from the firewall, which is what I did.  I tested it on my local computer and it worked, so I deployed it with group policy.  Then it occurred to me that it might not work with the standby XG.  I suppose I could trigger HA, enable https scanning, and test it again during off hours.

  • There are two different CAs on XG.

    One for the HTTPS Scanning (SecurityAppliance_SSL_CA) and a Default CA.

    The Default CA is most likely used for all XG facilities.

    So to speak, the Webadmin Page, the User Portal, Block pages etc. Those pages are using the Default CA. So you would have to import them as well.