Contact us at |support@ssldragon.com

How to Install an SSL Certificate on Sophos XG Firewall?

Tuesday, April 9th, 2019

This guide explains how to generate a CSR code and install an SSL Certificate on Sophos XG Firewall. Besides configuration instructions, you will also learn about Sophos’ history, and discover the SSL Vendor with the most affordable certificates on the market.

If you’ve already generated the CSR code elsewhere and received your digital certificate, feel free to skip part one and jump straight to installation steps.

Generate a CSR code on Sophos XG Firewall
Install an SSL Certificate on Sophos XG Firewall
Test your SSL installation
Sophos history and XG Firewall features
Where to buy the best SSL Certificate for Sophos XG Firewall?

Generate a CSR code on Sophos XG Firewall

CSR stands for Certificate Signing Request, a block of encrypted text containing your contact details such as domain and company identity. When applying for an SSL certificate, you must submit the CSR to your CA for validation. Along with the CSR you will also generate the private key which will remain on the Sophos system.

To create your CSR code, please perform the following:

  1. Log into your Sophos Firewall admin console
  2. Navigate to Certificates > Certificates and click Add
  3. Select the option Generate Certificate Signing Request (CSR)
  4. Under Certificate Details fill in the required fields as shown below:
    • Name: give a friendly name to your certificate
    • Valid until: enter the expiry date of your certificate
    • Key length: from the drop-down list, select 2048
    • Encryption: tick the Enable checkbox
    • Passphrase/PSK: create a password to protect your private key file
    • Certificate ID: from the drop-down list select Email and specify a valid email address
  5. Under Identification Attributes, provide the following information:
    • Country Name: from the drop-down list select the country where your company is located. For example, Canada
    • State: write the full name of the state where your company is registered. For instance, British Columbia
    • Locality Name: type the full name of the city where your company is based. For example, Vancouver
    • Organization Name: specify the full legal name of your company. For instance, Your Company LLC
    • Organizational Unit Name: enter the department within your company requesting the SSL Certificate. Usually, it’s IT or Web Administration
    • Common Name: provide the FQDN (fully-qualified domain name) you want to secure. For example, yourdomain.com
    • Email Address: type your email address.
  6. From the list of SSL Certificates, under the Name column, find the name of your CSR (you can also look for CSR in the Type column) and click on the download icon, under the Manage column.
  7. After you download the CSR on your device, you can open it with any text editor such as Notepad. During the SSL order process, you will have to send the CSR code to your CA for verification and validation.

Install an SSL certificate on Sophos XG Firewall

Once you’ve received the necessary SSL files from your CA, you can begin installing them. Sophos XG Firewall accepts SSL certificates signed by multiple CAs in .pem or .der format. Here’s what you will need:

  • Your SSL Certificate in .pem or .der format: It resides in the ZIP folder you received from your CA
  • Your private key: You’ve generated it along with the CSR code on the Sophos XG Firewall server
  • CA passphrase: the password for your private key

To add your SSL Certificate to Sophos XG Firewall, perform the following:

  1. Navigate to Certificates > Certificate Authorities and click Add
  2. Configure the fields as shown below:
    • Name: enter a friendly name for your certificate
    • Certificate File Format: from the drop-down list, select PEM or DER
    • Certificate: click browse and import your SSL Certificate

      Note: If you’ve generated the CSR code for your SSL Certificate on Sophos XG Firewall, you don’t need to import the private key and enter a CA passphrase. Your private key is already on the Sophos system.

    • Private Key: click browse and import your private key
    • CA Passphrase: enter the CA passphrase
  3. Your SSL Certificate should be now listed under Certificate Authorities.

Test your SSL installation

After you install an SSL Certificate on Sophos XG Firewall, grab one of these highly rated SSL tools and run a diagnostic scan on your SSL configuration. In just a few seconds, the SSL tool will pinpoint all the existing vulnerabilities and potential errors.

Sophos history and XG Firewall features

Sophos Group plc is a British security software and hardware company specializing in network security, email security, mobile security, encryption, and communication endpoint. Founded in 1985 by Jan Hruska and Peter Lammer, Sophos is listed on the London Stock Exchange and is part of the FTSE 250 Index.

Sophos XG Firewall is a high-end security product with tons of features such as superior visibility, powerful next-gen protection, and automatic threat response system.

Sophos XG Firewall is powered by Deep Learning technology that delivers the industry’s best detection rates without using signatures. It detects previously untracked malware quickly and efficiently.

Where to buy the best SSL Certificate for Sophos XG Firewall

SSL dragon is your one-stop place for all your SSL needs. We offer the lowest prices on the market for the entire range of our SSL products. We’ve partnered with the best SSL brands in the industry to offer you high-end SSL security and dedicated support. All our SSL certificates are compatible with Ubuntu servers. Here are the SSL certificate types you can buy from us:

To help you select the perfect SSL certificate, we created a couple of handy SSL tools. Our SSL Wizard can recommend the best SSL deal for your online project, while the Certificate Filter, can help you sort and compare different SSL certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.