Certificates

You can view, add, manage, and download certificates.

Digital certificates verify ownership of a user or computer (example: VPN) or an organization (example: websites) over the internet and are issued by a certificate authority (CA). Certificate signing requests (CSR) let you provide the information the CA needs to issue a certificate. CAs issue certificates that can include the owner's public key, the certificate's validity period, owner information, and the private key. The private key, which the owner holds, completes the verification.

You can revoke certificates when the private key is lost, stolen, or updated. CAs maintain a list of valid and revoked certificates. Locally-signed certificates that are revoked are automatically added to the certification revocation list (CRL).

Sophos Firewall allows you to do the following tasks:

  • Generate a locally-signed certificate, upload a third-party certificate, or generate a CSR.
  • Use the device as the CA or add an external CA.
  • Revoke a locally-signed certificate or upload an external CRL.

The certificates list shows all the installed certificates. Hover over a certificate's name to see the details about its subject, issuer, and its purpose. The check mark in the Trusted column indicates that an associated CA is installed on Sophos Firewall for the certificate.