Skip to content
Last update: 2022-05-24

Add a CA

You can import external certificate authorities (CAs) for use with Sophos Firewall.

To import a certificate authority, do as follows:

  1. Go to Certificates > Certificate authorities and click Add.
  2. Upload the CA certificate or paste the certificate data. Sophos Firewall automatically detects the certificate format. It supports X.509 certificates in PEM, DER, or CER format.

    When you try to upload a CA that doesn't match a CSR, additional options appear.

    Select the purpose for which you want to use the CA:

    • Validation only
    • Signing and validation: To use the CA for signing, upload the private key and enter the private key password so that Sophos Firewall can unlock the key.

      If the CA matches an existing CSR, Sophos Firewall automatically uses Signing and validation.

  3. Enter a name.

    If the CA matches an existing CSR, Sophos Firewall uses the name of the CSR. You can change that name.

  4. Click Save.

More resources

Back to top