Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 1701 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommend an SSL Cert Vendor?

Krowten
I had purchased a RapidSSL certificate to use on my ASG for the WebAdmin and User Portal (8.3) only to find out after the fact that the ASG doesn't support certs with an intermediate CA (which is in and of itself somewhat unbelievable).  

So I opened a ticket with support and got back:

----
[FONT="Lucida Console"]It's a known issue and there is a feature request already for this:
Support for intermediate CAs 

We are trying to get it fixed in later versions of UTM 9 but there is no detailed information on this yet.

Kind regards,

Sophos Technical Support Team - Network Security[/FONT]
----

So then I asked for a recommendation of what vendor I should get an SSL cert from, and got back:

----
[FONT="Lucida Console"]Matt,

there are two types of certificates available. Root CA and intermediate CA. 
Intermediate certificates are not supported at moment.

You can use any Root CA signed certificate. 


Kind regards,

Sophos Technical Support Team - Network Security
[/FONT]
----

I started shopping around, but I can't tell who issues form a Root CA and who issues from an Intermediate CA (which many sites claim is more secure).  I hate to start buying certs and trying them (I was able to return the RapidSSL cert).  So can someone suggest a vendor that will definitely work with the ASG?  Thanks!

Matt


This thread was automatically locked due to age.
Parents
  • 0
    This issue is supposed to be resolved in ASG v9, please see the following UBB post:

    http://www.astaro.org/beta-versions/utm-9-public-beta/42697-8-940-bug-intermediate-ca-not-sent.html#post204231

    With 8.30x, you can do the following:


    You can solve this on this way:

    - Download WebAdmin CA Cert as Base64
    - copy to /var/sec/chroot-httpd/etc/httpd/WebAdminCertCA.pem
    - add line SSLCA... in /var/sec/chroot-httpd/etc/httpd/vhost/httpd-webadmin.conf:

        SSLEngine On
        SSLCertificateFile /etc/httpd/WebAdminCert.pem
        SSLCACertificateFile /etc/httpd/WebAdminCertCA.pem
        SSLCertificateKeyFile /etc/httpd/WebAdminKey.pem

    - analog in

    httpd-webadmin.conf-default
    httpd-portal.conf-default
    (if User Portal is activated, also in httpd-portal.conf)

    - after that "/etc/init.d/httpd restart"


    This wouldn't be supported by Sophos Support, but I've had a hard time finding CAs that don't require intermediates now adays.
  • 0 in reply to peterkieser
    This issue is supposed to be resolved in ASG v9, please see the following UBB post:

    http://www.astaro.org/beta-versions/utm-9-public-beta/42697-8-940-bug-intermediate-ca-not-sent.html#post204231

    With 8.30x, you can do the following:



    This wouldn't be supported by Sophos Support, but I've had a hard time finding CAs that don't require intermediates now adays.



    Thanks.

    I saw that and I figured it would that simple.  I was just worried about voiding support if I do this.  Seems like that may be my only option though.

    Matt
  • 0 in reply to Krowten
    I saw that and I figured it would that simple.  I was just worried about voiding support if I do this.  Seems like that may be my only option though.


    Kindly mention it to support if you're having issues with WebAdmin or User Portal [:)]
Reply
  • 0 in reply to Krowten
    I saw that and I figured it would that simple.  I was just worried about voiding support if I do this.  Seems like that may be my only option though.


    Kindly mention it to support if you're having issues with WebAdmin or User Portal [:)]
Children