
This is an old revision of the document!


Generating and Applying a Certificate for Your Sophos

When you use the Sophos firewall from your computer, you are likely to receive a warning such as “This website is unsafe” or “Your connection is not private”. These warnings occur because the firewall's certificates are not trusted by your web browser or computer. The certificates are used to protect server-client communication. The Sophos firewalls (XG210 and XG125) come with a Default certificate and an SSL CA certificate. The SSL CA certificate is used ONLY when using the HTTPS Deep Scan Inspection feature.

Generation of the Certificate

1) Go to Certificates → Certificates and click Add, then select Generate Self-signed Certificates

2) Create a name for your certificate

3) Select IP address in the Certificate ID option and enter the IP address value

  • You will want the admin and user login to be on the same IP address for this to work
  • To change the user redirect IP go to Administration → Admin Settings → Admin Console & End User interaction; click Use a different hostname and enter the new IP address

4) Fill in the values in the Identification Attributes such as Country name, state, locality name, organization name, organization unit name (department), email address

5) In Common Name add the IP address of the firewall on which the webadmin and captive portals will be opened (default example 172.16.16.16)

6) Once successfully generated, go to Administration → Admin Settings and set the certificate to the newly generated certificate

7) Now download this generated self-signed certificate and import it into the machine's browsers. Also download Security Appliance_SSL_CA from Certificates → Certificate Authorities

Adding Your New Certificate to Your Local Machine

Windows 10 computer

1) Take the generated self-signed certificate that was downloaded (step 7 above) and unzip the tar file

2) Double-click on the “named cert” (the file type is Personal Information Exchange)

3) Click through the installation wizard pop-up

  • The wizard may prompt you for a password
  • The password file is in the tar file that you unzipped (it might just be blank; that is okay)

4) When prompted for the certificate store, choose Place all certificates in the following store

5) Select the Trusted Root Certification Authorities store

6) Next, add the Certificates snap-in: launch MMC (mmc.exe)

  • Choose File → Add/Remove Snap-ins
  • Choose Certificates, then choose Add
  • Choose computer (local) account and click Next
  • Click Finish and close the list of snap-ins
  • Click OK to add the Certificates snap-in, which should now be visible in the Add/Remove Snap-ins window
  • Expand the list of certificate containers, right-click Trusted Root Certification Authorities and choose All Tasks → Import to start the Certificate Import Wizard
  • Import the Certificate downloaded (Security Appliance_SSL_CA) using this wizard
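
The Windows steps above can also be scripted from an elevated PowerShell prompt, with a check of the certificate's Common Name and expiry before anything is trusted. This is an added example, not part of the original page; the file paths and file names are placeholders, and it assumes the "named cert" is a PKCS#12 file and the CA file is a single PEM or DER certificate.

```powershell
# Added example: run from an elevated PowerShell prompt.
# The values below are placeholders (assumptions); adjust them to your own files.
$PfxPath    = 'C:\Temp\sophos\named-cert.p12'   # the "named cert" from the unzipped tar
$CaPath     = 'C:\Temp\sophos\SSL_CA.pem'       # the downloaded SSL CA certificate
$FirewallIp = '172.16.16.16'                    # Common Name entered in step 5 of the generation steps
$StorePath  = 'Cert:\LocalMachine\Root'         # Trusted Root Certification Authorities

# The password may be blank: just press Enter at the prompt.
$Password = Read-Host -Prompt 'PFX password (Enter if blank)' -AsSecureString

# Inspect both certificates before anything is added to the trust store.
$leaf = (Get-PfxData -FilePath $PfxPath -Password $Password).EndEntityCertificates[0]
$ca   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaPath)
$leaf, $ca | Format-List Subject, Issuer, NotAfter, Thumbprint

# Stop if the certificate was not issued for the firewall address or has expired.
$cn = $leaf.GetNameInfo('SimpleName', $false)
if ($cn -ne $FirewallIp) { throw "Common Name '$cn' does not match $FirewallIp" }
if ($leaf.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($leaf.NotAfter)" }

# Import into the same store the wizard and MMC steps select.
Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $StorePath -Password $Password | Out-Null
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
$store.Add($ca)
$store.Close()

# Confirm that both thumbprints are now present in the store.
Get-ChildItem $StorePath |
    Where-Object { $_.Thumbprint -in $leaf.Thumbprint, $ca.Thumbprint } |
    Format-Table Subject, Thumbprint, NotAfter
```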

Macintosh computer

1) If you haven't already, download the SSL CA certificate (step 7, Generation of the Certificate)

2) Once downloaded, double-click the certificate. This launches Keychain Access. A pop-up window will open; select System and Add

4) Go to System → Certificates → Double-click on Security Appliance_SSL_CA

5) Click Trust and then click Always Trust

public/generating_a_certificate.1596028320.txt.gz · Last modified: 2024/01/25 03:32 (external edit)
