Certificate Installation Process?

Question

I am having some trouble with installing a certificate on the XG test appliance. Basically, I have completed the CSR process and now I am uploading the new certificate to the XG. The process completes, but then I am getting the following result.

I am guessing that the new certificate didn't get activated. What step am I missing? Thank you! 
 Cheers, 
 Jens

lferrara · Accepted Answer

Jens, 
 to make sure you can generate and use a third-party signed Certificate do the following: 
 
 Generate the Certificate Sign Request (CRS) on XG under System > Certificate > Certificates 
 Upload the generated CSR to public CA (in this case Comodo) 
 Once the Certificate is signed from CA, you will receive a .crt convert the .crt to PEM or .p12 using openssl or any other tool (google it or guillaumemaka.com/.../install-your-comodo-certificates-to-amazon-aws.html) 
 You will receive also the CA Trusted Root CA. Upload it inside the Certificate Authorities on XG 
 Import the Certificate .pem inside Certificate TAB on XG 
 Import the private key and digit the passphrase 
 Done 
 
 Remember to import first the CA and then all the certificates signed by that CA.

Paul Warriner · Answer

Unfortunately, the recommended solution didn't help in my case (although a solid response to the question), as RapidSSL would not accept the XG CSR. 
 So for the unfortunate soul, who runs across this thread. 
 The following worked for me: 
 https://www.ipinfosec.com/add-godaddy-ssl-certificate-sophos-xg-firewall/ 
 In a nutshell, on a spare Linux box: 
 1) openssl req -new -newkey rsa:2048 -nodes -keyout YOURCOMPANY.com.key -out YOURCOMPANY.com.csr 
 2) Grab the csr and key files 
 3) Submit the CSR to the CA (RapidSSL in our case) 
 4) Add the p7b (or what valid format the your CA gives you) and the key (from the Linux box) files to the XG key store 
 So far, tested the User Portal and VPN without issues. 
 
 Paul 
 XG Certified Administrator