Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 459 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG 19.5.0 GA ....Can only download TLS/SSL ApplianceCertificate as .PEM format, not CER, DER or pkcs#12

alan weir

Using XG 19.5.0 GA. I can only download the ApplianceCertificate as a *PEM. file. I am certain it was letting me choose the other formats once before. Now the only file format it allows to download is default.pem and appliancecertificate.pem which cannot be installed in the Windows trusted certificate store without a different extension.

1. Web->General settings 

2. Profiles->decryption profiles

3. Rules and policies-> SSL/TLR inspection rules

All three methods only allow me to choose the .pem format.

I'm almost positive this was working before and I was able to download other formats.



This thread was automatically locked due to age.
  • 0

    What exactly do you try to do? Because there is a different between Private Key and only the public certificate. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I am attempting to install the TLS decryption certificate in the Windows Trusted Certificate Store, however .pem files cannot be imported. Whereas in the UTM it downloads as a .cer or p12 file, the XG is only giving me the option to download the file as a .pem which has to have the file extension changed so the Trusted certificate store can see it. I am sure that there was an option to choose different file extensions within the XG but there appears to be no option anymore.

    If I rename the file to appliancecertificate.cer, it can be installed. If this is simply a matter of saving file as ApplianceCertificate.cer

    then fine.

  • +1 in reply to alan weir

    You can import a PEM. The Import wizard in MMC will support PEM. Only renaming it to Cer will allow you to "double click it". 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    thank you, that is extra steps but it worked.

    The issue was that Windows by default opens X.509 certificate files *.cer and *.crt to import into the trusted certificate store.

    I just had to scroll down and select All Files (*.*) to open the ApplianceCertificate.pem

Unfiltered HTML