
Installed certificates not showing up

I've installed 2 certificates on Sophos XG v17 as shown in the picture below:

 

 

But the certificates don't show up on the combo boxes for WAF Business rule:

 

 

and also in the Admin Console settings:

 

The ApplianceCertificate is the only item in the combo box.

 

I can't change the Admin Console certificate and I can't create WAF policies because the certificates don't show up in the choices.

 

Thanks in advance.



  • I know this is a bit old, but thought I'd post my solution here for others. 

    I had the same issue and came across your post.  I initially created the certificate request from another server and uploaded the resulting certificate I received from my CA to our Sophos.  Just like you I couldn't access the certificate for my WAF, it wasn't available in the dropdown list. 

    What I did to fix it was to create the CSR for the certificate in the Sophos certificate interface.  When you download the CSR there's a .key file included with the CSR package.  I went to my cert authority and followed cert creation procedures (I use Let's Encrypt because free).  When I uploaded the new cert to Sophos I included the .key file as well and then the certificate was available for my WAF Business Rule.  

    Hopefully this helps you out!

  • I also had this problem. What I did was upload the p7b file I received from Comodo (so not having to upload the private key). Which seemed to work, I got the green v but was unable to select it. I removed this entry and added a new one, now using the .pem file and also the .key file. This went ok and I was able to use the certificate.

  • I did not have to re-issue a CSR, but the trick was uploading the .key file as well as the .CER. The Sophos would take the .CER without the key and show the green check, but it would not show up as available in WAF unless I uploaded the .key file from the original CSR request.

     

    Thanks for the tip.

  • In order for the XG to check if a page comes from valid certificate, you only need the CER (the certificate itself).

    In order for the XG to use a certificate (sign pages using a certificate) it also needs the KEY.  You cannot sign (encrypt) something without knowing the key to encrypt.
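
Added example, not part of any post in this thread: the replies describe the XG accepting a certificate without its key but only offering it for WAF or the admin console once the .key file is uploaded too, so it is worth confirming that the two files really belong together before uploading them. The script compares the public key inside the certificate with the one derived from the private key; it assumes PEM-encoded files, and the file names and the `KEY_PASSPHRASE` variable are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: check that a certificate and a private key are a pair.
# Assumes PEM files; KEY_PASSPHRASE is a hypothetical variable name used
# here for an encrypted key (left empty for an unencrypted one).

# Exit status: 0 = key matches certificate, 1 = mismatch,
#              2 = a file is missing or could not be parsed.
cert_key_match() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout \
        -passin "pass:${KEY_PASSPHRASE:-}" 2>/dev/null) || exit 2
    # Both commands print the public key in the same PEM form,
    # so a plain string comparison is enough.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Builds two constructed, throwaway self-signed pairs (a and b) and checks
# that a.pem pairs with a.key but not with b.key.
selftest() (
    dir=$(mktemp -d) || exit 2
    trap 'rm -rf "$dir"' EXIT
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=waf-$n.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.pem" 2>/dev/null || exit 2
    done
    cert_key_match "$dir/a.pem" "$dir/a.key" || exit 1  # own key must match
    cert_key_match "$dir/a.pem" "$dir/b.key" && exit 1  # other key must not
    echo "ok: a.pem pairs with a.key only"
)

selftest
```

To check real files, call `cert_key_match server.pem server.key` and read the exit status.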