Install Certificate (.cer)

Kevin,

make sure to import the CA and to import the Certificate using pkcs12 or PFX format as described here:

https://community.sophos.com/products/xg-firewall/f/vpn/75396/godaddy-ssl-certificate-for-user-portal

Regards

ok, we did these steps only step 6 whe not sure of. we only have a got

* geotrust global.cer

*sophos.company.cer

* trustprovider...cer

i can convert the sophos.cer to a p7b file but not the pkcs12

after import the p7b i got the following error message.

1. openssl req -new -newkey rsa:2048 -nodes -keyout vpn.company.com.key -out vpn.company.com.csr
2. You'll have to enter some information: Country Code, State, City, Org. Name, Org. Unit, Common Name, Email, Password and Company Name
   
3. This will generate two files, vpn.company.com.key and vpn.company.com.csr
4. Sign into GoDaddy and sign the vpn.company.com.csr
5. Choose Other when you download the CRT files. It should provide you with a your signed GoDaddy.crt and their public gd_bundle.crt.
6. openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in GoDaddy.crt -inkey vpn.company.com.key -out vpn.company.com.pkcs12 -name vpn.company.com -passout pass:password

for the record im totally noob in this certificate thing.

thnx in advance.

ok, we did these steps only step 6 whe not sure of. we only have a got

* geotrust global.cer

*sophos.company.cer

* trustprovider...cer

i can convert the sophos.cer to a p7b file but not the pkcs12

after import the p7b i got the following error message.

1. openssl req -new -newkey rsa:2048 -nodes -keyout vpn.company.com.key -out vpn.company.com.csr
2. You'll have to enter some information: Country Code, State, City, Org. Name, Org. Unit, Common Name, Email, Password and Company Name
   
3. This will generate two files, vpn.company.com.key and vpn.company.com.csr
4. Sign into GoDaddy and sign the vpn.company.com.csr
5. Choose Other when you download the CRT files. It should provide you with a your signed GoDaddy.crt and their public gd_bundle.crt.
6. openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in GoDaddy.crt -inkey vpn.company.com.key -out vpn.company.com.pkcs12 -name vpn.company.com -passout pass:password

for the record im totally noob in this certificate thing.

thnx in advance.

I started (and now resolved) this threed on same subject but different, but very similar!

https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/95348/import-crt-certificate

My first issue was, the XG firewall did not know about the goDaddy UK CA (Certificate Authority), so had to overcome that first. Then I had to find 'the key'. Fortunately, I had already completed successfully on my SEA (Sophos Email Appliance) and was able to export both the certificate and key.

When you do export, you get a single .pem file, which contains both the cert and key (open in Notepad in windows and you can copy and paste the text out to 2 separate files.

If I did not have the SEA, I would have been stuck, as there was no way from the 2 certs from goDaddy to get the 'key'.

For you, I think you need to import the certificate to something (Windows IIS), to be able to export (backup) the cert and key.

Goodmorning Paul,

We have the, .key and .cer file right now.
when i try to add the certificate, this shows up

when i enter the .cer and .key file it asks for a password that we didnt enter at the request.
for the record we dont have any certificates on the sophos yet.

regards.

When I first generated the csr, I too did not type in a password anywhere.

I just typed in a password and it seemed to accept the upload