
LetsEncrypt Certs signed by R3 Intermediate cert not Trusted by Sophos XG after reinstalling CA certs.

Hi,

I recently went through and updated some of my older LetsEncrypt certs and when I imported them they were showing up as Untrusted. The rest I had were still trusted. Unsure as to why, I removed the LetsEncrypt R3 Intermediate and the ISRG Root X1 Certs and re-installed the ones from the LetsEncrypt website, in theory completing the trust chain.

Unfortunately even with these certs installed, Sophos XG still doesn't trust those certs for use as Service certs, and now doesn't trust the original LetsEncrypt certs I had installed. Anyone seen this behaviour before? 

I am running the latest XG build (SFOS 18.5.1 MR-1-Build326), and have rebooted the firewall as a test to see if it recovered. No success.

Thanks.



  • I have the same problem. Tried a fresh install of Sophos 18.5.1 MR-1, tried multiple times to generate a new certificate from Let's Encrypt, also with a new certbot installation, but no luck. I downloaded all root CAs of Let's Encrypt and uploaded them on the Sophos but still the same as above.

    I used the new certification on a web server protection rule and the clients are working with a valid certificate, but I can't choose this new certification on the webadmin or portal because it is not valid.
