
The IPsec local X509 certificate needs certificate objects

Hi,


We are using a Sophos SG230 UTM. We have already created an IPsec tunnel with our HO network and Supplier network and it is working perfectly. Now, we want one more tunnel between our office and another supplier network, but when I try to create a new IPsec connection, it does not save the connection and displays the following message:

"The IPsec local X509 certificate needs certificate objects"


I am trying to create the tunnel on the same interface on which the previous tunnel was created.


Please advise.

 



  • Hi,

    Greetings.

    I reproduced the instance. When the UTM does not have an object for the local certificate that is configured for the IPsec connection through the UTM, you cannot deploy the IPsec configuration.

    Check the certificate you are using by navigating to Site-to-Site-VPN>IPSec>Advanced>Local X509 Certificate.

    I think the certificate object has been deleted or changed. You can verify the certificate from Site-to-Site-VPN>IPSec>Certificate Management. You can create a new local certificate for VPN, if necessary.

    Interestingly, when I deleted the certificate it did not affect the active tunnel. Hence, I suspect the established tunnel has no effect on your end.

    Hope that helps.

    Thanks

    Sachin Gurung

    Team Lead | Sophos Technical Support

  • Perfect Sachin. Actually, I did guess that, but the said certificate is present under Certificate Management. I was even skeptical about changing the certificate because it could have affected another tunnel. But then I mustered the courage and changed the certificate.

    Now it is working perfectly.

    But I am still wondering why this message appeared even though the certificate is present.

  • Something made the cert invalid after the other tunnels were established.  If it is used elsewhere, I would replace it there, too.  I would then go back to Certificate Management, delete the old cert, generate a new one with the correct FQDN and then use that in the config where you temporarily replaced the old cert.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA