Wednesday, August 16, 2017

Let's Encrypt and Sophos XG Firewall

I am publishing my web server behind the Sophos XG firewall. I need SSL certificate that is free and trusted by most of internet browsers. The answer is Let's Encrypt.

I use this site to help integrate with Let's Encrypt : http://zerossl.com

Steps
#1 Generate CSR from the XG firewall and download the CSR and the private key
#2 Navigate to zerossl.com and paste the CSR content
#3 Follow the instruction to validate your domain - I did DNS option by inserting TXT value
#4 Once validation is successful, the signed public key is ready to be downloaded
#5 Upload the signed key to XG firewall along with the private key that was downloaded on step #1
#6 (optional) if XG firewall does not trust Let's Encrypt CA, add this to the Trusted CA

Done!!