Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 6675 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN SSL / StartSSL (intermediate) certificate: Firefox issue

DeltaSM
Hello everybody,

First of all, sorry if this is not the right section but I thought it was here the best section to expose my problem.

I recently subscribe to StartSSL to obtain a Class 1 SSL certificate and then use this certificate on the User/WebAdmin Portal on our Sophos SG-210 which is up-to-date (9.310-11).

Certificate creation was ok and then I imported it to our Sophos SG-210 without any problem. However, I notified a problem on Firefox which shows a "This connection is Untrusted" problem.

I just found an explanation on StartSSL FAQ website: (see here #31)

An intermediate SSL must be imported in the server (so in our Sophos SG-210) to workaround this problem. This certificate must be downloaded here: https://www.startssl.com/certs/

However, I didn't know what I must exactly do and I would like some help about this. 

Moreover, after doing some researches, I'm not sure that the support of intermediate certificates is implemented on Sophos/Astaro OS.
See vote request here

I also saw a forum topic on Astaro's forum but it is in German unfortunately: here

Can you please help me for this? Is it supported or not by the Sophos UTM OS?

Regards,

DeltaSM

[:)]


This thread was automatically locked due to age.
  • 0
    No idea for this issue? It's pretty annoying for us [:(]
  • 0
    I'll follow Trollvottel's lead and first ask what form the cert was in and whether you loaded the CA with it - PCKS12?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    This may be a non issue, but this is what I did to get mine working

    I used the StartSSL CSR generator (startcomtool.eze) and used the generated CSR to request my certificate and download it.

    I then used the private key and the downloaded certificate and used the Create PKCS#12 (PFX) File link at the StartSSL Toolbox.

    I put in the private key, cert and a random password and generated the pfx. I then imported my PFX into the sophos certificates tab.

    Finally, I uploaded the Root 1 - StartCom Certification Authority root certificate, Intermediate Class 1 DV SSL certificate and Class 1 Client Certificate pem files from https://www.startssl.com/root to the Sophos Certificate Authority tab.

    Everything seems to be working well for me

Unfiltered HTML