You can upload an external certificate, generate a locally-signed certificate, and generate a Certificate Signing Request (CSR).
- Hover over a certificate's name to see its subject, issuer, and purpose.
- A checkmark in the Trusted column for the certificate indicates that its associated CA is installed on Sophos Firewall.
- You can regenerate the built-in certificate (ApplianceCertificate).
- You can revoke locally-signed certificates. The firewall automatically adds the details to the Default certificate revocation list (CRL).
You can copy the certificate or download it as a
- Built-in certificate: Sophos Firewall provides a built-in certificate (ApplianceCertificate) that's selected by default for services, such as the web admin console, user portal, and captive portal.
- Locally-signed certificate: You can generate these certificates on the firewall. These are signed by the firewall's internal CA (Default). To see the internal CA, go to Certificates > Certificate authorities.
External certificate: You can import an external certificate. You can generate it using one of the following methods:
- Generate a CSR on the firewall and use it to generate a certificate signed externally, such as Active Directory Certificate Services.
- Generate the CSR and certificate externally.
Make sure you upload both the certificate and the signing CA to the firewall. If the signing CA is a subordinate CA, make sure you also upload its root CA.