ApplianceCertificate incorrect object

Question

Hi as per the subject in the ApplianceCertificate certificate in the subject field I have incorrect values such as the email field, in which na@example.com is reported how can I correct this data?
thank you

Oggetto 
 /C=NA/ST=NA/L=NA/O=NA/OU=NA/CN=Appliance_Certificate_wIeWkRT1DDjv5M9/emailAddress=na@example.com

Autorit&agrave; emittente 
 /C=IT/ST=IT/L=Salerno/O=dg/OU=OU/CN=Sophos_CA_C01001C77777HJ15/emailAddress=*******@gmail.com

Scopo 
 
 Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : Yes
S/MIME signing CA : No
S/MIME encryption : Yes
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No

emmosophos · Accepted Answer

Hello, 
 GES/DEV has confirmed that it is not possible to change the email address of the Appliance Certificate. If you require a certificate with a different email, you can create a new local signed certificate and enter any email you would like. 
 DEV mentioned that changing the Appliance Certificate email Subject would be a Feature Request as of know, if you would like to pursue this, reach out to your Account Manager/Sales representative so they can enter this Feature Request in the internal system. 
 Regards,

Michael Dunn · Answer

Most customers will not use the certificate that comes with the XG, as it is not (and never can be) trusted by clients. Most customers will want to set their FQDN and then purchase a Certificate from a public CA, or use LetsEncrypt. You can use the XG to generate a Certificate Signing Request, have it signed by a CA, and then upload the signed certificate and use it. https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/Certificates/CertificatesSigningRequestGenerate/index.html

MayurMakvana · Answer

Hello Alfanso, 
 
 Greetings, 
 
 You need to update those information under System -> Certificate -> Certificate Authority -> Default CA. 
 
 Once you change the Default CA, you need to relogin and if you are using the SSL VPN. It will break the connection and you will need to import the configuration.

emmosophos · Answer

Hello there, 
 Thank you for contacting the Sophos Community. 
 As a workaround, you can create a new certificate and apply it to the desired service. 
 I talked to GES about this, and they have created NC-108216 to confirm if this is expected or if there might be an issue as we got the same result, I created a case on your behalf and assigned it to me, however, if you can send me a Private Message with your email address to confirm it, I would appreciate it. 
 Also, confirm the Firmware you&rsquo;re using. 
 Regards,

ApplianceCertificate incorrect object

Top Replies