UNOLS Satellite Network Advisory Group

User Tools

Site Tools

Trace:
public:generating_a_certificate

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
public:generating_a_certificate [2020/07/29 13:12] rhudakpublic:generating_a_certificate [2024/01/25 03:31] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Generating and Applying a Certificate for Your Sophos ====== ====== Generating and Applying a Certificate for Your Sophos ======
-When using the Sophos on your computer you are likely to receive a warning "This website is unsafe" or "Your connection is not private". These problems occur due to the certificates not being trusted on your web browser or computer. The certificates are used to protect server-client communication. The Sophos firewalls (XG210 and XG125) come with a Default and a SSL CA certificate. The SSL CA certificate is used ONLY when using the HTTPS Deep Scan Inspection feature. +When using the Sophos on your computer you are likely to receive a warning "This website is unsafe" or "Your connection is not private". These problems occur due to the certificates not being trusted on your web browser or computer. The certificates are used to protect server-client communication. The Sophos firewalls (XG210 and XG125) come with a Default and a SSL CA certificate. The SSL CA certificate is used ONLY when using the HTTPS Deep Scan Inspection feature. In general, this feature is NOT recommended for use on the ships.   
 + 
 +{{:public:sophos_certificate.png?600|}}
 ===== Generation of the Certificate ===== ===== Generation of the Certificate =====
 1) Go to **Certificates** -> **Certificates** and Click **Add**, then select **Generate Self-signed Certificates** 1) Go to **Certificates** -> **Certificates** and Click **Add**, then select **Generate Self-signed Certificates**
Line 16: Line 18:
 6) Once successfully generated, go to **Administration** -> **Admin Settings** and set the certificate to the newly generated certificate 6) Once successfully generated, go to **Administration** -> **Admin Settings** and set the certificate to the newly generated certificate
  
-7) Now download this generated self-signed certificate and import to the machines browsers. Also download **Security Appliance_SSL_CA** from **Certificates** -> **Certificate Authorities**+7) Now download this generated self-signed certificate and import to the machines browsers. Also download **Default** from **Certificates** -> **Certificate Authorities**
  
  
-===== Adding Your New Certificate to Your Local Machine =====+===== Adding Your New (Or NOT new) Certificate to Your Local Machine =====
 ====Windows 10 computer==== ====Windows 10 computer====
 1) Take the generated self-signed certificate that was downloaded (step 7 above) and unzip the tar file 1) Take the generated self-signed certificate that was downloaded (step 7 above) and unzip the tar file
Line 40: Line 42:
   * Click OK to add the certificates snap-in, which should now be visible in the **Add/Remove** snap-ins window   * Click OK to add the certificates snap-in, which should now be visible in the **Add/Remove** snap-ins window
   * Expand the list of certificate containers, right click **Trusted Root Authority** and choose **All Tasks** -> **Import** to start the Certificate Import Wizard   * Expand the list of certificate containers, right click **Trusted Root Authority** and choose **All Tasks** -> **Import** to start the Certificate Import Wizard
-  * Import the Certificate downloaded (Security Appliance_SSL_CA) using this wizard+  * Import the Certificate downloaded (Default) using this wizard
  
 ====Macintosh computer==== ====Macintosh computer====
-1) If you haven't already, download the SSL CA certificate (step 7, **Generation of the Certificate**)+1) If you haven't already, download the Default certificate (step 7, **Generation of the Certificate**)
  
 2) Once downloaded, double-click the Certificate. This launches key-chain. A pop-up window will open; select **System** and **Add** 2) Once downloaded, double-click the Certificate. This launches key-chain. A pop-up window will open; select **System** and **Add**
 {{ :public:screen_shot_2020-06-09_at_18.20.05.png?600 |}} {{ :public:screen_shot_2020-06-09_at_18.20.05.png?600 |}}
  
-4) Go to **System** -> **Certificates** -> Double-click on **Security Appliance_SSL_CA**+4) Go to **System** -> **Certificates** -> Double-click on **Default**
 {{ :public:screen_shot_2020-06-09_at_16.32.35.png?600 |}} {{ :public:screen_shot_2020-06-09_at_16.32.35.png?600 |}}
  
Line 54: Line 56:
  
 {{ :public:screen_shot_2020-06-09_at_16.32.47.png?600 |}} {{ :public:screen_shot_2020-06-09_at_16.32.47.png?600 |}}
 +
 +====What if I cannot Generate my own certificate?====
 +A reported issue that we have seen is the inability to "Generate a Self-signed Certificate", the option is 'grayed' out. This is caused when the Sophos system is migrated from a Cyberoam install and the default is setup incorrectly. To fix this issue, follow these steps:
 +
 +1)Go to **Certificates** -> **Certificate Authorities** -> **Default**
 +
 +2)The Default must have a Common name in this format **Sophos_CA_[serial]** and an email.
 +
 +Once saved check back under **Certificates** to Generate your own self-signed certificate. 
 +
 +====Helpful Links====
 +If you want more information on how to import certificates to specific web browsers go here:
 +[[https://community.sophos.com/kb/en-us/123048]]
 +
 +**Note:**This page specifically talks about using the Security_SSL_CA_Certificate, simply change it to Default and the directions are the same.
 +
 +If you want more information on Generating a self-signed certificate or requesting a certificate from a Certified Authority go here:
 +
 +[[https://community.sophos.com/kb/en-us/132678#Use%20a%20signed%20certificate%20by%20a%20trusted%20CA]]
public/generating_a_certificate.1596028320.txt.gz · Last modified: 2024/01/25 03:32 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki