Hello Sophos Community,
I have spent the better part of a day trying to find a definitive guide/answer on the use of External SSL Certificates from Commercial CAs when you have 1 or more internal web servers running HTTPS behind an XG, and no luck so far.
I am using XG Home with the latest firmware applied, and I have one public IP address.
As stated above, I have several internal (LAN) web servers with sites serving content over HTTPS.
I have leveraged the WAF Firewall rules quite easily to forward HTTP (port 80) traffic from WAN to LAN etc., but when it comes to web protection of HTTPS traffic, I am fairly confused at the moment about where/how external SSL certificates need to be applied in order to eliminate the dreaded Unsecured website error.
I do not want to use non-standard port numbers, and I want to eliminate the browser security warning for external users.
1. When using Web Protection Firewall Rules, XG requires a Certificate. If I were to purchase a commercial certificate and upload it to the XG, do I still need to also apply said certificate to the content web server on the LAN or no? Very confused.
2. At the moment, the internal web servers in question have their own self-signed certificates in place. I can reach any given server via DNAT, but understand from reading that I am not getting the benefit of Web Protection in that case.
3. Ultimately, I would like to leverage a Wildcard SSL Certificate to cover all the DNS subdomains my internal web servers provide content for, and could use some coherent advice on what components (servers, or XG, or both) require certificates to be applied to accomplish this, and of course do so in a manner that provides Web Protection.
(INTERNET USER) *.mydomain.com --> (SOPHOS 443) --> CONTENT SERVERS ((*.mydomain.com) 443)
Hopefully I've stated my intent clearly enough.
Any help is much appreciated.