
Download Certificate as p12

Since SFOS 18.0.5 (18 MR5) it is no longer possible to download self-signed certificates as a .p12 certificate (certificate with private key).

It is only possible to download the certificate as .crt without the private key.

Does anyone have an idea how to do that with 18 MR5?



This thread was automatically locked due to age.
  • There is no reason to export the private key anymore. If you want to do a CSR, you can create the CSR and upload the signed PEM to the XG firewall, which will import the private key. 

    Why do you want to have the private key? Every export of a private key means a potential security risk. 


  • In one scenario we use self-signed certificates created by the Sophos router as VPN certificates for VPN connections between the Sophos and a Lancom router. The Lancom router accepts the VPN certificate only as p12 or pfx.

    Until 18.0 MR4 it was possible to create a self-signed certificate in the Sophos and download it as a p12 certificate.

  • Yes, and this was disabled due to security concerns. See: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-xg-firewall-v18-mr5--build-586-is-now-available

    Certificate Management and Security

    • Form enhancements for creating certificate signing requests and certificates
    • Enhanced security for private keys
    • Upload/download support for PEM format certificates
    • Enhanced workflows for certificate management

    I have to say: The firewall is not a CA to generate your certificate, which you can use everywhere. So actually you should import the CA of the Lancom router to get this one trusted and import the public certificate to XG firewall. 

    This process of "creating a public + private key on the firewall and export it to another product" is somewhat clunky and risky to do in the first place. Certificates are meant to be dealt with differently. 


  • Thank you, that helps us. We come up with another solution in this scenario.
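
For the scenario in this thread (a peer that only accepts p12 or pfx), one way to produce the bundle without exporting any private key from the firewall is to generate the peer's key and CSR on a separate admin host and have a private CA sign it. This is an added example, not part of the original posts or of Sophos or Lancom documentation; it assumes OpenSSL and your own private CA, and the CA subject, peer name and passphrase are constructed placeholders.

```shell
# Added example; CA subject, peer name and passphrase are constructed placeholders.
# Runs on an admin host with OpenSSL, not on the firewall.
make_peer_p12() (
    workdir=$1; peer=$2; pass=$3
    umask 077                       # key files readable by the owner only
    mkdir -p "$workdir" || exit 1
    cd "$workdir" || exit 1

    # 1. Private CA (assumption: normally this already exists, key kept offline).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example VPN CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 2. Key pair and CSR for the peer; only the CSR goes to the CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=$peer" -keyout "$peer.key" -out "$peer.csr" 2>/dev/null || exit 1

    # 3. The CA signs the CSR.
    openssl x509 -req -in "$peer.csr" -days 30 -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out "$peer.crt" 2>/dev/null || exit 1

    # 4. Bundle key, certificate and CA certificate, encrypted with the passphrase.
    #    "pass:" exposes the value in the process list; prefer "file:" or "env:".
    openssl pkcs12 -export -name "$peer" -inkey "$peer.key" -in "$peer.crt" \
        -certfile ca.crt -passout "pass:$pass" -out "$peer.p12" || exit 1
)

# Sanity checks before the bundle is handed to the peer device.
check_peer_p12() (
    workdir=$1; peer=$2; pass=$3
    cd "$workdir" || exit 1
    # Certificate chains to the CA.
    openssl verify -CAfile ca.crt "$peer.crt" >/dev/null 2>&1 || exit 1
    # Bundle opens with the passphrase.
    openssl pkcs12 -in "$peer.p12" -passin "pass:$pass" -nokeys >/dev/null 2>&1 || exit 1
    # Private key and certificate carry the same public key.
    [ "$(openssl pkey -in "$peer.key" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$peer.crt" -noout -pubkey 2>/dev/null)" ]
)
```

Only `ca.crt` then needs to be imported on the firewall as a trusted CA; the unencrypted `.key` file should be deleted from the admin host once the `.p12` is installed on the peer.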
