HTTPS Certificate

On the Management > WebAdmin Settings > HTTPS Certificate tab you can import the WebAdmin CA certificate into your browser, regenerate the WebAdmin certificate, or choose a signed certificate to use for WebAdmin and User Portal.

During the initial setup of WebAdmin access, a local CA (Certificate Authority) certificate was automatically created on Sophos UTM. The public key of this CA certificate can be installed into your browser to get rid of the security warnings when accessing the WebAdmin interface.

Import CA into Browser

To import the CA certificate, proceed as follows:

  1. On the HTTPS Certificate tab, click Import CA Certificate.

    The public key of the CA certificate will be exported.

    You can either save it to disk or install it into your browser.

  2. Install the certificate (optional).

    The browser will open a dialog box letting you choose to install the certificate immediately.

Note – Due to different system times and time zones, the certificate might not be valid directly after its creation. In this case, most browsers will report that the certificate has expired, which is not correct. However, the certificate will automatically become valid after a maximum of 24 hours and will stay valid for 27 years.

Import CA Certificate under iOS/Safari

To import the CA certificate under iOS with Safari browser, proceed as follows:

  1. On the HTTPS Certificate tab, click Import CA Certificate.

    The public key of the CA certificate will be exported and downloaded.

    The file WebAdmin.cer is now on your system and needs to be installed manually. By default, you will find the file WebAdmin.cer in your download folder.

  2. Double-click WebAdmin.cer.

    Keychain Access opens a window letting you choose to trust the certificate.

  3. Click Always Trust.

    The CA certificate is now listed in the keychain list.

Re-generate WebAdmin Certificate

The WebAdmin certificate refers to the hostname you specified during the initial login. If the hostname has been changed in the meantime, the browser will display a security warning. To avoid this, you can create a certificate that takes the new hostname into account: enter the desired hostname and click Apply. Note that because the certificate changes, to continue working in WebAdmin you will probably need to reload the page in your web browser, accept the new certificate, and log back in to WebAdmin.

Choose WebAdmin/User Portal Certificate

If you do not want to import the CA certificate but instead use your own signed certificate or a Let’s Encrypt certificate for WebAdmin/User Portal, you can select it here. However, for the certificate to be selectable from the drop-down list, you need to upload it first on the Remote Access > Certificate Management > Certificates tab in PKCS#12 format, containing the certificate, its CA and its private key. To use the uploaded certificate, select it from the Certificates drop-down list and click Apply.
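
The bundle requirement above (certificate, its CA and its private key in one PKCS#12 file) and the hostname match described under Re-generate WebAdmin Certificate can both be checked before upload. The following is an added example, not part of the Sophos documentation: it uses the openssl command line, and the host name utm.example.test, the file names and the password demo-pass are constructed placeholders.

```sh
#!/bin/sh
# Added example. Host name, file names and password are constructed placeholders.

# Demo input only: throwaway CA plus a server certificate for host $2 in dir $1.
make_demo_pki() {
  dir=$1; host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -extfile "$dir/san.ext" -out "$dir/server.pem" 2>/dev/null
}

# Bundle private key + certificate (+ optional CA file $4) into PKCS#12 file $3.
# Real use: read the password from a prompt or a file, not the command line.
build_p12() {
  dir=$1; pass=$2; out=$3; cafile=${4:-}
  set -- -export -inkey "$dir/server.key" -in "$dir/server.pem" -name webadmin
  if [ -n "$cafile" ]; then set -- "$@" -certfile "$cafile"; fi
  openssl pkcs12 "$@" -passout "pass:$pass" -out "$out"
}

# Pre-upload check of bundle $1 (password $2) against host name $3.
check_p12() {
  p12=$1; pw="pass:$2"; host=$3
  leaf=$(openssl pkcs12 -in "$p12" -passin "$pw" -clcerts -nokeys 2>/dev/null) || leaf=
  cas=$(openssl pkcs12 -in "$p12" -passin "$pw" -cacerts -nokeys 2>/dev/null) || cas=
  key=$(openssl pkcs12 -in "$p12" -passin "$pw" -nocerts -nodes 2>/dev/null) || key=
  case $leaf in *'BEGIN CERTIFICATE'*) ;; *) echo "no certificate"; return 1 ;; esac
  case $cas in *'BEGIN CERTIFICATE'*) ;; *) echo "no CA certificate"; return 1 ;; esac
  case $key in *'PRIVATE KEY'*) ;; *) echo "no private key"; return 1 ;; esac
  # The private key must belong to the certificate: compare their public keys.
  cert_pub=$(printf '%s\n' "$leaf" | openssl x509 -noout -pubkey)
  key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)
  [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
  # A certificate that does not cover the host name causes browser warnings.
  printf '%s\n' "$leaf" | openssl x509 -noout -checkhost "$host" \
    | grep -q 'does match' || { echo "host name not covered"; return 1; }
  echo "ok"
}

# Demo run on constructed input.
tmp=$(mktemp -d)
make_demo_pki "$tmp" utm.example.test &&
  build_p12 "$tmp" demo-pass "$tmp/webadmin.p12" "$tmp/ca.pem"
check_p12 "$tmp/webadmin.p12" demo-pass utm.example.test   # prints: ok
rm -rf "$tmp"
```

With real files, only check_p12 is needed; the extracted private key stays in shell variables and is never written to disk.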