This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommend an SSL Cert Vendor?

I had purchased a RapidSSL certificate to use on my ASG for the WebAdmin and User Portal (8.3) only to find out after the fact that the ASG doesn't support certs with an intermediate CA (which is in and of itself somewhat unbelievable).

So I opened a ticket with support and got back:

----
[FONT="Lucida Console"]It's a known issue and there is a feature request already for this:
Support for intermediate CAs

We are trying to get it fixed in later versions of UTM 9 but there is no detailed information on this yet.

Kind regards,

Sophos Technical Support Team - Network Security[/FONT]
----

So then I asked for a recommendation of what vendor I should get an SSL cert from, and got back:

----
[FONT="Lucida Console"]Matt,

there are two types of certificates available. Root CA and intermediate CA.
Intermediate certificates are not supported at moment.

You can use any Root CA signed certificate.

Kind regards,

Sophos Technical Support Team - Network Security
[/FONT]
----

I started shopping around, but I can't tell who issues form a Root CA and who issues from an Intermediate CA (which many sites claim is more secure). I hate to start buying certs and trying them (I was able to return the RapidSSL cert). So can someone suggest a vendor that will definitely work with the ASG? Thanks!

Matt

This thread was automatically locked due to age.

Parents

0 peterkieser over 13 years ago

This issue is supposed to be resolved in ASG v9, please see the following UBB post:

http://www.astaro.org/beta-versions/utm-9-public-beta/42697-8-940-bug-intermediate-ca-not-sent.html#post204231

With 8.30x, you can do the following:

You can solve this on this way:

- Download WebAdmin CA Cert as Base64
- copy to /var/sec/chroot-httpd/etc/httpd/WebAdminCertCA.pem
- add line SSLCA... in /var/sec/chroot-httpd/etc/httpd/vhost/httpd-webadmin.conf:

    SSLEngine On
    SSLCertificateFile /etc/httpd/WebAdminCert.pem
    SSLCACertificateFile /etc/httpd/WebAdminCertCA.pem
    SSLCertificateKeyFile /etc/httpd/WebAdminKey.pem

- analog in

httpd-webadmin.conf-default
httpd-portal.conf-default
(if User Portal is activated, also in httpd-portal.conf)

- after that "/etc/init.d/httpd restart"

This wouldn't be supported by Sophos Support, but I've had a hard time finding CAs that don't require intermediates now adays.
Cancel
Vote Up 0 Vote Down

Cancel
0 Krowten over 13 years ago in reply to peterkieser

This issue is supposed to be resolved in ASG v9, please see the following UBB post:

http://www.astaro.org/beta-versions/utm-9-public-beta/42697-8-940-bug-intermediate-ca-not-sent.html#post204231

With 8.30x, you can do the following:

This wouldn't be supported by Sophos Support, but I've had a hard time finding CAs that don't require intermediates now adays.

Thanks.

I saw that and I figured it would that simple. I was just worried about voiding support if I do this. Seems like that may be my only option though.

Matt
Cancel
Vote Up 0 Vote Down

Cancel
0 peterkieser over 13 years ago in reply to Krowten

I saw that and I figured it would that simple. I was just worried about voiding support if I do this. Seems like that may be my only option though.

Kindly mention it to support if you're having issues with WebAdmin or User Portal [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 LeGrayven over 13 years ago in reply to peterkieser

Or, if you have a license including Web Application Security, you can also create a virtual web site with the real site being your webadmin. Intermediate CAs are supported in WAS.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LeGrayven over 13 years ago in reply to peterkieser

Or, if you have a license including Web Application Security, you can also create a virtual web site with the real site being your webadmin. Intermediate CAs are supported in WAS.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data