Import a Public Signed Certificate to Sophos UTM Web Application Security

From Bonus Bits

Purpose

This article gives the steps to add a trusted SSL certificate to Sophos Unified Threat Management (UTM) 9, so that UTM terminates HTTPS and then passes HTTP to the backend web servers using the Webserver Protection feature of UTM.


Prerequisites


Combine Generated Cert with CA Cert/s CRTs

If the provider doesn't return a chain or combined file that includes your generated cert and their CA certs, then you'll need to combine them into a new file.

  1. cat cert1.crt cert2.crt > combined.crt
    
    OR
    cat *.crt > combined.crt
    


Convert CRT to P12

  1. Convert SSL Certificate to PKCS12 format with CA Included.
    openssl pkcs12 -export -in combined.crt -inkey <private key file name>.key -out <your filename>.p12
    
    Add CA Cert (Option 2 - Without Combining Certs)
    openssl pkcs12 -export -in www.domain.com.crt -inkey www.domain.com.key -out www.domain.com.p12 -certfile COMODORSAAddTrustCA.crt
    
  2. Enter Password

Warning: A password must be entered, or UTM will return an error when you attempt to upload the file.
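
The combine and convert steps above can be wrapped in a few pre-flight checks. The following is an added example, not part of the original article: the function names and the use of a password file are assumptions, and the `openssl` options used are standard ones. It guards against PEM files that lack a trailing newline, a key that does not belong to the certificate, and an empty export password.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Function names are hypothetical.

# combine_pem OUT FILE... : concatenate PEM files in the order given, adding a
# newline after any file that lacks one so END/BEGIN markers never run together
# (a plain `cat` of such files produces a malformed bundle).
combine_pem() {
    local out="$1" f
    shift
    for f in "$@"; do
        cat "$f"
        [ -z "$(tail -c1 "$f")" ] || echo
    done > "$out"
}

# count_certs FILE : number of certificates in a PEM bundle ("-" reads stdin).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# key_matches_cert CERT KEY : succeed only if KEY is the private key for the
# first certificate in CERT (compares the two public keys).
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# make_p12 CERT KEY CA_BUNDLE OUT PASSFILE : build the PKCS#12 file and print
# how many certificates it contains. PASSFILE holds the export password on its
# first line, which keeps it out of the process list and shell history.
make_p12() {
    local cert="$1" key="$2" ca="$3" out="$4" passfile="$5"
    # The article warns that UTM rejects a P12 exported without a password.
    [ -n "$(head -n1 "$passfile" 2>/dev/null)" ] || { echo "empty export password" >&2; return 1; }
    key_matches_cert "$cert" "$key" || { echo "key does not match $cert" >&2; return 1; }
    ( umask 077   # the P12 contains the private key; keep it owner-readable only
      openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$ca" \
          -out "$out" -passout "file:$passfile" ) || return 1
    # Read the container back with the same password and count its certificates.
    openssl pkcs12 -in "$out" -passin "file:$passfile" -nokeys 2>/dev/null | count_certs -
}
```

For a certificate with one CA cert, `make_p12 www.domain.com.crt www.domain.com.key ca.crt www.domain.com.p12 pass.txt` should print 2; a lower number means the CA cert did not make it into the file.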


Import to UTM

  1. Open UTM Web Console
  2. Browse to Webserver Protection | Certificate Management | Certificates
  3. Select New Certificate
  4. Name the Certificate
    1. e.g. www.domain.com
  5. Select Method | Upload
  6. Select File Type | PKCS#12 (Cert+CA)
  7. Select File
  8. Browse to file folder icon
  9. Select Choose File
  10. Browse local system for .p12 file
  11. Select Open | Start Upload
  12. Enter Password set during conversion (If any)
  13. Save


Add/Update Virtual Web Server

  1. Open Web Console
  2. Select Web Application Security | Virtual Web Servers
  3. Select Add/Edit
  4. Select Type | SSL (HTTPS)
  5. Select certificate www.domain.com
  6. ...
  7. Save

