Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Update the default CA

When you update the default CA, it's automatically regenerated.

To edit its settings, do as follows:

  1. Go to Certificates > Certificate authorities and click the default CA (Default).

    You can't change its name.

  2. Country name: Enter the country in which the firewall is deployed.

  3. State: Enter the state or region.
  4. Locality name: Enter the city.
  5. Organization name: Enter the certificate owner's name (example: Sophos Group).
  6. Organization unit name: Enter the department to which you'll assign the certificate (example: Marketing).
  7. Common name: Enter the hostname or FQDN (example: marketing.sophos.com).
  8. Enter the contact person's email address.
  9. To change Private key password if you've set one, do as follows:

    1. Key type: Select from the following options:

      • RSA
      • Elliptic curve
    2. Select the Key length (for RSA) or Curve name (Elliptic curve).

      Larger RSA keys offer greater security but take longer to encrypt and decrypt data.

    3. Secure hash: Select the algorithm.

  10. Click Save.