Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 6493 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificates: Change expiration time

twister5800
Hi,

Is it possible to change the expiration date for the certificates that the UTM autogenerates upon user creation?

Now it is 25 years!!

Customer wants to have them regenerated every year.

Can this be done?

Regards Martin


This thread was automatically locked due to age.
Parents
  • 0
    I believe the certs inherit the end date from the CA.  I would think they could import a purchased CA.

    If they just want to change them every year, all they need to do is regenerate the self-signed "VPN Signing CA" on the 'Advanced' tab of Certificate Management'.  If they don't want to do that, there are other possible solutions depending on the details of the situation.

    What advantage do they think they'll get by having the certs expire anyway?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    If they just want to change them every year, all they need to do is regenerate the self-signed "VPN Signing CA" on the 'Advanced' tab of Certificate Management'.  If they don't want to do that, there are other possible solutions depending on the details of the situation.

    What advantage do they think they'll get by having the certs expire anyway?


    Thanks for replying :-)

    The customer is very paranoid with security, so thats why the want to have the knowledge that a certificate cannoit be older than this.

    But I thought of this, will the SSL client even tell that the certificate is Aboud to expire, or will is just expire and telling the user that he/she cannot log on?

    Regards Martin

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

Reply
  • 0 in reply to BAlfson

    If they just want to change them every year, all they need to do is regenerate the self-signed "VPN Signing CA" on the 'Advanced' tab of Certificate Management'.  If they don't want to do that, there are other possible solutions depending on the details of the situation.

    What advantage do they think they'll get by having the certs expire anyway?


    Thanks for replying :-)

    The customer is very paranoid with security, so thats why the want to have the knowledge that a certificate cannoit be older than this.

    But I thought of this, will the SSL client even tell that the certificate is Aboud to expire, or will is just expire and telling the user that he/she cannot log on?

    Regards Martin

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML