Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 27634 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Install Certificate (.cer)

Kevin Paulusse

Hello,

 

im trying to install a Cerficate on the XG firewall.

we generate a CSR file, and requested the Cerfificate. when i try to upload the certificate to sophos i receive an error.

 

first we go to system certificates

* choose upload certificate
* give it the name it should have, upload a .CER file en choose the private key its in the csr file.
* with no Password.

* press save. then the next fault will be shown.

 

hope someone can help me.

Greets Kevin



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to lferrara

    ok, we did these steps only step 6 whe not sure of. we only have a got

    * geotrust global.cer

    *sophos.company.cer

    * trustprovider...cer

    i can convert the sophos.cer to a p7b file but not the pkcs12

    after import the p7b i got the following error message.

     

    1. openssl req -new -newkey rsa:2048 -nodes -keyout vpn.company.com.key -out vpn.company.com.csr
    2. You'll have to enter some information: Country Code, State, City, Org. Name, Org. Unit, Common Name, Email, Password and Company Name
    3. This will generate two files, vpn.company.com.key and vpn.company.com.csr
    4. Sign into GoDaddy and sign the vpn.company.com.csr
    5. Choose Other when you download the CRT files. It should provide you with a your signed GoDaddy.crt and their public gd_bundle.crt.
    6. openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in GoDaddy.crt -inkey vpn.company.com.key -out vpn.company.com.pkcs12 -name vpn.company.com -passout pass:password

     

    for the record im totally noob in this certificate thing.

    thnx in advance.

  • 0 in reply to Kevin Paulusse

    I started (and now resolved) this threed on same subject but different, but very similar!

    https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/95348/import-crt-certificate

    My first issue was, the XG firewall did not know about the goDaddy UK CA (Certificate Authority), so had to overcome that first. Then I had to find 'the key'. Fortunately, I had already completed successfully on my SEA (Sophos Email Appliance) and was able to export both the certificate and key.

    When you do export, you get a single .pem file, which contains both the cert and key (open in Notepad in windows and you can copy and paste the text out to 2 separate files.

    If I did not have the SEA, I would have been stuck, as there was no way from the 2 certs from goDaddy to get the 'key'.

    For you, I think you need to import the certificate to something (Windows IIS), to be able to export (backup) the cert and key.

  • 0 in reply to Paul Digby

    Goodmorning Paul,

    We have the, .key and .cer file right now.
    when i try to add the certificate, this shows up

    when i enter the .cer and .key file it asks for a password that we didnt enter at the request.
    for the record we dont have any certificates on the sophos yet.

    regards.

  • 0 in reply to Kevin Paulusse

    When I first generated the csr, I too did not type in a password anywhere.

    I just typed in a password and it seemed to accept the upload