SFOS V18 breaks the Pocket Guide for using Digital Certificates in IPSEC VPN connections

Question

i've noticed that in SFOS V18 downloaded certs are now in CRT instead of PEM format. Strangely enough when you upload certificates into a V18 appliance it doesn't expect a CRT file. Additional work needs to be done with converters before it can be used. This is troublesome if you have many IPSEC site to site connections on V18 appliances. and it doesn't quite follow this guide either https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosFirewall/Pocket-Guides/Establish-Site-to-Site-VPN-Connection-using-Digital-Certificates_2.pdf 
 
 It would be good if V18 cert download behavior matches v17.

emmosophos · Answer

Hello John, 
 Adding to what has been mentioned. 
 If you download a Certificate from the Certificates, it&rsquo;ll download as .crt but it&rsquo;s encoded with PEM. so you can simply change the extension to .pem 
 If you Download the Default Certificate from the Certificate Authorities it will download a .tar file that contains a .pem and .der 
 If you Download the SecurityAppliance_SSL_CA it will be downloaded as a .pem 
 Regards

SFOS V18 breaks the Pocket Guide for using Digital Certificates in IPSEC VPN connections

Top Replies