Installed certificates not showing up

Question

I've installed 2 certificates on Sophos XG v17 as shown in the picture below:

But the certificates don't show up on the combo boxes for WAF Business rule:

and also in the Admin Console settings:

The ApplianceCertificate is the only item in the combo box. 
 
 I can't change the Admin Console certificate and I can't create WAF policies because the certificates don't show up in the choices. 
 
 Thanks in advance.

Michael Dunn · Accepted Answer

In order for the XG to check if a page comes from valid certificate, you only need the CER (the certificate itself). 
 In order for the XG to use a certificate (sign pages using a certificate) it also need the KEY. You cannot sign (encrypt) something without knowing the key to encrypt.

Michael Lynn · Answer

I know this is a bit old, but thought I'd post my solution here for others. 
 I had the same issue and came across your post. I initially created the certificate request from another server and uploaded the resulting certificate I received from my CA to our Sophos. Just like you I couldn't access the certificate for my WAF, it wasn't available in the dropdown list. 
 What I did to fix it was to create the CSR for the certificate in the Sophos certificate interface. When you download the CSR there's a .key file included with the CSR package. I went to my cert authority and followed cert creation procedures (I use Let's Encrypt because free). When I uploaded the new cert to Sophos I included the .key file as well and then the certificate was available for my WAF Business Rule. 
 Hopefully this helps you out!

FloSupport · Answer

Hey Omeng 
 Please take a look at the following KB articles and verify that you have performed the steps listed: Sophos Firewall: How to add a signed certificate in Sophos Firewall Sophos Firewall: How to add an external certificate authority (CA) 
 Thanks, FloSupport | Community Support Engineer

rizzah · Answer

I also had this problem. What i did was upload the p7b file i received from Comodo (so not having to upload the private key). Which seemed to work, i got the green v but was unable to select it. I removed this entry and added a new one, now using the .pem file and also the .key file. This went ok and i was able to use the certificate.