SSL Cert uploaded to the XG not showing as trusted

Hi Stuart, Thanks for reaching out to Sophos Community.

Firewall generates the secret key and stores it along with the CSR.

If the CSR was created on the Firewall, Then you'll have an option to upload the certificate in the CSR. You don't need to upload the certificate separately. 

If you're already doing this step and still the certificate is showing up as invalid, then ensure that the Intermediate and the Root CA certificates are present on XG.

Hi Stuart, Thanks for reaching out to Sophos Community.

Firewall generates the secret key and stores it along with the CSR.

If the CSR was created on the Firewall, Then you'll have an option to upload the certificate in the CSR. You don't need to upload the certificate separately. 

If you're already doing this step and still the certificate is showing up as invalid, then ensure that the Intermediate and the Root CA certificates are present on XG.

Hi Devesh,

Thanks for the response. The CSR was created on the XG. And the cert was uploaded via the request. Under the cert Authorities, there are already two built in entries for GoDaddy. Should it not be using these?

Thanks again for your help

Stu

You can always open the .crt formate of the certificate in windows, and check the Certification path. Verify whether the intermediate and Root CAs are present in Certificate > Certificate Authorities.

Mostly it's the Intermediate CA certificate that is not present which causes the uploaded certificate to appear invalid as per my general observation with Lets Encrypt and DigiCert. But you once verify with yours. You can always get these CA certificates from Godaddy. (Private key is not required for the CA certificate) 

Thanks Devesh!

It was indeed the intermediate cert I was missing. I found this on the GoDaddy support page (Repository (godaddy.com). I am all green now!

Awesome !! :)