Installing an SSL certificate on a Sophos firewall typically involves a few steps, including generating a certificate signing request (CSR), obtaining a free SSL certificate from a Certificate Authority (CA), and importing the certificate into the firewall.
This guide shows how to install a free and valid SSL certificate on the Sophos Firewall using ZeroSSL. To remove the warning page that users get when entering the FQDN of the firewall in their browser, we need to install an SSL certificate signed by a valid Certificate Authority. The steps below show how to get a free one from ZeroSSL.
Step 1: Generate CSR
- FQDN: Go to System > Administration > Admin and user settings and confirm the FQDN.
- Add Certificate: Go to System > Certificates > Add.
- Certificate Signing Request: Click the radio button for “Generate Certificate signing request (CSR)”.
Step 2: Copying CSR to ZeroSSL
- Go to ZeroSSL, turn on only the ‘Paste Existing CSR’ option, paste the CSR as plain text, and click the next step.
- Select the Free “(0/month)” option, then click next.
- Email Verification: Select a valid email address (predefined by ZeroSSL) and click Verify Domain.
Note: You need to have access to this email address, as ZeroSSL will send a verification email to it.
- Verification Page: Check your email, copy the verification key, and click “Go to Verification Page.”
- Verification Key: Enter the verification key on Domain Control Validation (Part 2), then click next and close the window.
- Install Certificate: You’ll receive another email shortly after. Click “Install Certificate”, or go back to ZeroSSL.com, click Refresh Status, and install the certificate.
- Download Certificate: Download the certificate (.zip) to your machine and extract it to a specific folder.
Step 3: On the Sophos firewall, go to System > Certificate > Name and click upload
- Import Certificate: Click Choose File, select the extracted certificate file (certificate), then import the certificate.
- Imported Successfully: Once uploaded, you will probably see a red x for Trusted. This is because the Sophos Firewall doesn’t have the Certificate Authority installed.
- Add ca_bundle: Go to Certificate Authorities, click Add, then click Choose File, select the “ca_bundle” file, and click Save.
Verify if the Certificate is trusted: Return to the Certificate Tab. You’ll see a green tick instead of the red x. This means the certificate is trusted.
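The red x and green tick in Step 3 reflect whether the uploaded certificate chains to an installed Certificate Authority. As an added example (not part of the original guide), the shell function below runs that check, plus hostname, expiry and CSR key-match checks, on the extracted files before they are uploaded. It assumes the openssl command-line tool is installed; the function name and argument order are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): pre-import checks on the files
# extracted from the CA's .zip. The function name is hypothetical; all paths
# are arguments. Requires the openssl command-line tool.
#
# Usage: check_cert_files <certificate> <ca_bundle> <fqdn> [csr]

check_cert_files() {
    ccf_cert="$1"; ccf_bundle="$2"; ccf_fqdn="$3"; ccf_csr="${4:-}"

    # 1. Chain of trust. -partial_chain treats the bundle as the trust anchor,
    #    which is the role it takes once added under Certificate Authorities.
    #    A failure here corresponds to the red x shown for "Trusted".
    if ! openssl verify -partial_chain -CAfile "$ccf_bundle" "$ccf_cert" \
            >/dev/null 2>&1; then
        echo "FAIL: certificate does not chain to $ccf_bundle"
        return 1
    fi

    # 2. Name match. The certificate must cover the FQDN confirmed in Step 1,
    #    otherwise browsers keep showing the warning page. The exit status of
    #    -checkhost is not relied on; the printed verdict is parsed instead.
    if ! openssl x509 -in "$ccf_cert" -noout -checkhost "$ccf_fqdn" 2>/dev/null \
            | grep -q "does match certificate"; then
        echo "FAIL: certificate is not valid for $ccf_fqdn"
        return 1
    fi

    # 3. Validity period. -checkend 0 exits non-zero if already expired.
    if ! openssl x509 -in "$ccf_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired"
        return 1
    fi

    # 4. Optional: the issued certificate must carry the public key from the
    #    CSR that was pasted into the CA's form.
    if [ -n "$ccf_csr" ]; then
        csr_key=$(openssl req -in "$ccf_csr" -noout -pubkey 2>/dev/null) || csr_key=""
        crt_key=$(openssl x509 -in "$ccf_cert" -noout -pubkey 2>/dev/null) || crt_key=""
        if [ -z "$csr_key" ] || [ "$csr_key" != "$crt_key" ]; then
            echo "FAIL: certificate public key does not match the CSR"
            return 1
        fi
    fi

    echo "OK: chain, hostname and validity checks passed for $ccf_fqdn"
}
```

Call it with the extracted certificate file, the ca_bundle file and the firewall's FQDN; the CSR path is optional.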
Final step: Admin and User Settings
To use the certificate, go to System > Administration > Admin and user settings > Admin console and end-user interaction, select the newly created certificate (yourdomain.ca), then click Apply and OK.