Sophos - SSL Renewal
Do NOT click cog (Regenerate Certificate) next to Appliance Certificate
If the ssl cert on vpn.cogs.us or on the Sophos firewall expires or is about to, you will need to renew the certificate.
The easiest way to do this is to generate a new CSR and upload the generated cert to the CSR request rather than trying to upload a new cert to an old request.
- Login to firewall and navigate to Certificates
- Click Add and change action to "Generate CSR"
- Name cert the "Domain-Year"
- Set common name to "domain" or "site to encrypt" - IE vpn.cogs.us
- Add DNS name that matches the common name
- Click Save
- Find CSR request and copy CSR or download to give to Certificate Authority.
- Verify/validate domain and download Certificate from CA.
- Locate CSR in Sophos Certificates page and select Import
After the Cert is imported you must apply it to the web interface
- Open Sophos Administration
- Select Admin and User Settings
- In Admin Console and end user interaction change the Certificate drop down to the new certificate.
- Check Settings and Click Apply.
- Log out and close out session.
- Re-visit page and verify new cert in browser.