External Certificate used for VPN SSL is migrated?

Hi Joao,

With the Sophos UTM you can download a selective backup of the configuration excluding or including the certificates. In the XG and Cyberoam the backup consists of the whole part of configuration consisting of the certificates too. I will still suggest you to migrate taking help from your local Sophos partner and Support. 

This can also be raised as a feature request here. An interesting feature I think of. 

Thanks

Hi Sachingurung,

Thank you for your response.

When we upgrade from Cyberoam OS to Sophos XG OS, the migration is automatic, there is no backup and restore of the configuration. After this upgrade the external certificates remain in the appliance or do we have to reimport them? There is no possibility of using a cyberoam backup on a sophos xg os I think?

Thank you,

Joao

Joao,

AFAIK, all self-signed certificates and CA are re-generated.

Here the Cyberoam-XG Migration Guide. Read the last page.

http://docs.sophos.com/nsg/sophos-firewall/v16012/PDF/Cyberoam%20to%20Sophos%20Firewall%20Migration%20Guide.pdf

Before upgrading to XG, save the imported CA and their Certificates just in case.

Regards

And public commercial certificates, are they regenerated? I cannot save the imported certificate because it was made with a csr request and I don't have the private key.

I would like to avoid reimporting the vpn configuration for all our clients.

Thank you!

And public commercial certificates, are they regenerated? I cannot save the imported certificate because it was made with a csr request and I don't have the private key.

I would like to avoid reimporting the vpn configuration for all our clients.

Thank you!

Commercial certificates can't be regenerated by the XG.  If such a certificate doesn't make it over on migration, you might try re-issueing the public certificate.
On supplier we're using , that's free, and it allowed me to go from sha1 to sha2 without buying new certificate.   Certificate end date remains unaltered though