Can't set passphrase when creating a certificate

Question

Earlier this year I setup VPN on an XG 135 (SFOS 18.0.4 MR-4) and documented the steps. I am trying to follow the same steps on a new XGS 116 (SFOS 18.5.1 MR-1-Build326) but have encountered a difference that I would like to clarify before going further. 
 On the XG 135 I configured some self signed certificates using System/Certificates. This allowed me to set a passphrase like this: 
 
 However, on the XGS 116 I don't see the option for a passphrase: 
 
 Currently the only certificate that we have is the ApplianceCertificate but the XG 135 uses a custom appliance certificate with a custom expiry date and custom certificates for the VPN configuration also with custom expiry dates. How do I replicate these on the XGS 116 with the passphrase option?

LuCar Toni · Answer

Sophos removed this option in the latest release due Security concerns. The Firewall is not a appliance to generate certificates for other services. Therefore it was removed to export the privat key. 
 If you want to officially sign a certificate, use CSR with the CA. 
 If you want to generate certificates for other services, use a CSR of this product and get a signing done. 
 Moving and using Private Keys is a security concern. Actually a Private Key should not leave the product, where you want to use it.

Can't set passphrase when creating a certificate

Top Replies