SSL Certificate - Home use installation? how to with no Active Directory

Hi All,

Simple question: if I were to purchase an SSL root certificate and install it on the XG server, would this fix the SSL issues I have where I have to install a Sophos certificate on every local machine? And will this then also fix the SSL issue on devices where the certificate can't be installed? Roku?

 

I see there are workarounds and such to bypass this, but I would rather just buy a certificate if it will make things easier.

 

Thanks in advance

 

PS I am not very bright so if there are simple instructions that will be much appreciated  

 



  • Mark,

    You can create the CSR (Certification Signed request) under Certificates > Certificate > Create Certification Signed request, fill in all fields and then upload the certificate to a public CA.

    Make sure that CN = XG private IP address if you need to use it internally.

    Unfortunately, if you configure a name on the XG under Administration and you access the internal XG using that name (make sure to resolve the name via your local DNS server), you will receive the XG private IP and not the name (you can check it), so there is still a certificate error. The name returned by the XG should be fixed soon.

    Thanks.

  • AFAIK, you can't purchase a trusted certificate that you can use for signing "on the fly generated" certificates. Any MITM would love such a certificate.

  • Sixteen again is correct.  

    Mark, unfortunately, you cannot buy that kind of certificate. What you are effectively trying to buy is a Certificate Authority cert, and those are ungodly expensive through all of the major providers, plus you have to be vetted, etc.

    You will have to install the certificate on EACH MACHINE, each mobile device, etc - either manually or with some sort of tool - in order to utilize HTTPS Decrypt-And-Scan. 

    You are completely out of luck on the ROKU. You will need to exempt its traffic or stick it in an alternate zone.
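
The point made in the replies above, as an added example that is not part of the original thread: a purchased certificate is an end-entity certificate (CA:FALSE), so anything signed with its key fails chain validation, while a certificate signed by a CA key is accepted only by clients that have that CA in their trust store. All subject names and files are constructed for the demo, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Constructed demo: every subject name and file below is made up.
# Assumes the openssl command-line tool (1.1.1 or later) is installed.
leaf_vs_ca_demo() {
  local d; d=$(mktemp -d) || return 2
  (
    cd "$d" || exit 2
    {
      cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
      # Root CA: stands in for a CA that clients already trust.
      openssl req -x509 -newkey rsa:2048 -nodes -config x.cnf -extensions ca_ext \
        -subj "/CN=Demo Root CA" -keyout ca.key -out ca.pem -days 30
      # The kind of certificate a public CA sells: end-entity, CA:FALSE.
      openssl req -new -newkey rsa:2048 -nodes -config x.cnf \
        -subj "/CN=xg.example.test" -keyout leaf.key -out leaf.csr
      openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -extfile x.cnf -extensions leaf_ext -out leaf.pem -days 30
      # A certificate request for some other site, as generated "on the fly".
      openssl req -new -newkey rsa:2048 -nodes -config x.cnf \
        -subj "/CN=site.example.test" -keyout site.key -out site.csr
      # Signed with the purchased leaf key (what the question hopes will work) ...
      openssl x509 -req -in site.csr -CA leaf.pem -CAkey leaf.key -CAcreateserial \
        -out by_leaf.pem -days 30
      # ... and signed with a CA key (what the firewall's own CA does).
      openssl x509 -req -in site.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -out by_ca.pem -days 30
    } >/dev/null 2>&1
    check() { if openssl verify "$@" >/dev/null 2>&1; then echo trusted; else echo rejected; fi; }
    echo "leaf=$(check -CAfile ca.pem leaf.pem)" \
         "by_leaf=$(check -CAfile ca.pem -untrusted leaf.pem by_leaf.pem)" \
         "by_ca=$(check -CAfile ca.pem by_ca.pem)"
  )
  local rc=$?; rm -rf "$d"; return "$rc"
}
```

The `by_ca` result is `trusted` only because `ca.pem` is passed as the trust anchor, which is the role the firewall's own CA certificate plays once it is installed on each machine.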