How to generate a Certificate Signing Request (CSR) on Sophos UTM 9
Please exclude all brackets from the following commands.
- Log into the back end of the UTM.
- Log in as root (su).
- Then switch to the home directory (cd /home/login)
- Now create an openssl.config file with the following command (cat /etc/ssl/openssl.cnf | grep -v SUBJECT_ALT_NAME > ./openssl.config)
- Then we have to generate the CSR.
- openssl req -config ./openssl.config -new -newkey rsa:2048 -out www.yourdomain.com.csr
- You should now be prompted for a passphrase and a confirmation passphrase (enter the passphrase of your choice and press Enter).
- You should now be prompted for details for the CSR (enter the details and hit Enter again).
- The completed CSR will be saved to /home/login and can be downloaded with WinSCP.
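Before the CSR goes to a CA, it is worth confirming that its self-signature verifies, that the key really is 2048 bits and that the Common Name is the one intended. The shell functions below are an added example, not part of the original guide: `check_csr` and `make_sample_csr` are hypothetical helper names, and the config, passphrase and `privkey.pem` path used by `make_sample_csr` are constructed stand-ins so the check can be tried away from the appliance.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check a CSR before it goes to a CA.

# check_csr FILE EXPECTED_CN [MIN_BITS]: prints a verdict, returns 0 only if all checks pass.
check_csr() {
    csr=$1; want_cn=$2; min_bits=${3:-2048}
    # Self-signature: proves the request was signed by the private key matching its public key.
    # Match on the message text because older OpenSSL exits 0 even when verification fails.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: self-signature does not verify"; return 1; }
    # Key size as recorded in the request ("Public-Key: (2048 bit)").
    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: key is ${bits:-unknown} bits, want >= $min_bits"; return 1; }
    # Common Name, printed in RFC 2253 form so the layout is the same across OpenSSL versions.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$want_cn" ] ||
        { echo "FAIL: CN is '$cn', want '$want_cn'"; return 1; }
    echo "OK: $cn, $bits-bit key, signature verifies"
}

# make_sample_csr DIR: builds a constructed stand-in for the UTM's openssl.cnf, filters it
# the way the steps above do, and writes DIR/www.yourdomain.com.csr non-interactively.
make_sample_csr() {
    dir=$1
    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = www.yourdomain.com
[ v3_req ]
subjectAltName = $ENV::SUBJECT_ALT_NAME
EOF
    grep -v SUBJECT_ALT_NAME "$dir/openssl.cnf" > "$dir/openssl.config"
    # Constructed passphrase; on the UTM you type your own at the prompt instead.
    openssl req -config "$dir/openssl.config" -new -newkey rsa:2048 \
        -passout pass:constructed-demo-pass -keyout "$dir/privkey.pem" \
        -out "$dir/www.yourdomain.com.csr" 2>/dev/null
}
```

On the UTM, only `check_csr` is needed: run it against the CSR in /home/login with the domain you entered as the Common Name.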
Here is a quick breakdown on how to get the firewall and the central management to communicate.
On the XG Firewall do the following:
- Navigate to the System (the little gear icon).
- Select Administration and then Central Management.
- Select to Enable Central Management
- For the IP Address / Domain enter the central management device IP.
- Under Communication Details, set the Heartbeat Protocol to HTTPS and the Heartbeat Port to 443.
- Choose which synchronisation suits you best, to either pull device configuration or use the Firewall Manager to push the configuration.
The Sophos Firewall Manager configuration is as follows:
- From Home navigate to Device Configuration and select Add Device
- Enter all Device Information and click Next
- Define Communication Mode and click Next
- Choose whether to update device firmware
- Configure Backups
- Select a template to Auto Configure Device and click Next
- The XG Firewall will now be communicating with the Sophos firewall manager.