SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Certificate on the UTM

Out-of-the-box Sophos UTM will generate self-signed certificates for many functions as for the Web proxy signing CA. We would like to use our internal PKI infrastructure consisting of a W2K16 Enterprise RootCA because its certificate is trusted automatically by all Windows clients in the domain, so there is no need to distribute other certificates by GPO, for example.

For the webadmin console we used a certificate signed by this RootCA and that works without problem. Because we use SSL scanning we want the web proxy "Signing CA" to be an intermediate CA of our RootCA. I have generated the certificate and installed it as the certificate for the Signing CA. The installation shows no problem and certificates for websites for which we use SSL scanning are perfectly generated, but the intermediate certificate of the web proxy signing CA is not included in the chain. Because the chain is broken the on-the-fly generated certificates are not trusted.

This website https://community.sophos.com/kb/en-us/115592 suggests this setup should work, but it doesn't.

I did install the RootCA certificate as a local Verification CA. I see that other users are reporting the same problem: https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/108203/signing-certificate-loses-chain-when-imported/387030?pi2349=3. I'm really looking for a fix for this to work.

1 vote
Peter Huiskamp shared this idea

0 comments
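
The broken chain described in the post, reproduced as an added example (not part of the original post and not Sophos code): a client that trusts only the root rejects a certificate issued by an intermediate signing CA unless that intermediate is also supplied. It assumes `openssl` is installed; the CA names, file names and `www.example.test` are constructed.

```shell
#!/usr/bin/env bash
# Constructed lab PKI mirroring the post: root CA -> proxy signing CA -> site cert.
# All names and files are made up; nothing here talks to a real UTM or CA.

# mkcert DIR NAME SUBJECT SIGNER EXTFILE  (SIGNER "self" = self-signed root)
mkcert() {
  d=$1; name=$2; subj=$3; signer=$4; ext=$5
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$name.key" \
    -out "$d/$name.csr" -subj "$subj" 2>/dev/null || return 1
  if [ "$signer" = self ]; then
    set -- -signkey "$d/$name.key"
  else
    set -- -CA "$d/$signer.pem" -CAkey "$d/$signer.key" -CAcreateserial
  fi
  openssl x509 -req -in "$d/$name.csr" -out "$d/$name.pem" -days 2 \
    -extfile "$ext" "$@" 2>/dev/null
}

# chain_ok DIR [INTERMEDIATE_PEM]
# Validate the site cert as a client that trusts only the root would. The optional
# argument stands for the intermediate the server sends along in the TLS handshake.
chain_ok() {
  d=$1
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$d/root.pem" -untrusted "$2" "$d/site.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$d/root.pem" "$d/site.pem" >/dev/null 2>&1
  fi
}

demo() {
  d=$(mktemp -d) || return 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  mkcert "$d" root    "/CN=Lab Root CA"          self    "$d/ca.ext"   || return 1
  mkcert "$d" signing "/CN=Lab Proxy Signing CA" root    "$d/ca.ext"   || return 1
  mkcert "$d" site    "/CN=www.example.test"     signing "$d/leaf.ext" || return 1
  if chain_ok "$d"; then bare=trusted; else bare=untrusted; fi
  if chain_ok "$d" "$d/signing.pem"; then full=trusted; else full=untrusted; fi
  rm -rf "$d"
  echo "site cert alone: $bare; site cert + signing CA: $full"
}

demo
```

Against a live proxy, `openssl s_client -connect <host>:443 -showcerts` prints every certificate actually sent in the handshake, which shows whether the signing CA is included.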
