I had purchased a RapidSSL certificate to use on my ASG for the WebAdmin and User Portal (8.3) only to find out after the fact that the ASG doesn't support certs with an intermediate CA (which is in and of itself somewhat unbelievable).
So I opened a ticket with support and got back:
----
It's a known issue and there is a feature request already for this:
Support for intermediate CAs
We are trying to get it fixed in later versions of UTM 9 but there is no detailed information on this yet.
Kind regards,
Sophos Technical Support Team - Network Security
----
So then I asked for a recommendation of what vendor I should get an SSL cert from, and got back:
----
Matt,
there are two types of certificates available. Root CA and intermediate CA.
Intermediate certificates are not supported at moment.
You can use any Root CA signed certificate.
Kind regards,
Sophos Technical Support Team - Network Security
----
I started shopping around, but I can't tell who issues form a Root CA and who issues from an Intermediate CA (which many sites claim is more secure). I hate to start buying certs and trying them (I was able to return the RapidSSL cert). So can someone suggest a vendor that will definitely work with the ASG? Thanks!
Matt
So I opened a ticket with support and got back:
----
It's a known issue and there is a feature request already for this:
Support for intermediate CAs
We are trying to get it fixed in later versions of UTM 9 but there is no detailed information on this yet.
Kind regards,
Sophos Technical Support Team - Network Security
----
So then I asked for a recommendation of what vendor I should get an SSL cert from, and got back:
----
Matt,
there are two types of certificates available. Root CA and intermediate CA.
Intermediate certificates are not supported at moment.
You can use any Root CA signed certificate.
Kind regards,
Sophos Technical Support Team - Network Security
----
I started shopping around, but I can't tell who issues form a Root CA and who issues from an Intermediate CA (which many sites claim is more secure). I hate to start buying certs and trying them (I was able to return the RapidSSL cert). So can someone suggest a vendor that will definitely work with the ASG? Thanks!
Matt