Register Now


Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Remove Certificate Errors while Accessing Firewall


Here in this article we will troubleshoot the issue when users are accessing webadmin or User portal they were getting security error as shown in image below

Unsecure connection
Security Error


This certificate error is due to untrusted certificate. You need to install the certificate authority to your local machine or browser to resolve this certificate issue or use a certificate signed by trusted web certificate authority (CA) like godaddy, digicert etc

Here in this article we will discuss how to use self signed certificate to resolve the security errors when accessing web admin or user portal.

Step-1: Login to sophos firewall GUI and click on certificates menu and click on add certificate and select option Generate Self Signed Certificate

Self Signed Certificate

Fill all the details required in the certificate.

Subject Alternative Names are nothing but alternative names to recognize the firewall. In this case i am not adding any SAN. You must add your firewall LAN IP address as certificate ID.

Certificate ID
Certificate ID

If certificate is saved properly then it will indicate with tick mark as shown in below image. Here locally signed option means it is signed locally by firewall.

Test Certificate
Tick Mark

Now you have installed certificate properly in XG firewall, You need to apply this certificate under Administration >> Admin Settings and upload this certificate under Admin console settings as shown in below image.

Admin Settings
Admin Console Settings

Identify the certificate with name default under certificate authorities as shown in below image and download it.

Default CA
Default CA

It will be downloaded in zip file format as shown in below image

Certificate zip file
Zip file

Extract the certificate from th zip file two files will be downloaded, one is PEM file and other is DER file as shown in below image

DER file

Now double click on the Default.der certificate. We can notice the information in certificate that it was issued by “Default CA” and its validity date. Click on the install certificate option.

Certificate install

You can select either local user or current machine. Here if you select local user, certificate error will not come only to currently logged in user. Instead, if you select it to current machine certificate error will not come to any user who logged to this machine.

Now click on “Place all certificate in the following store” and click on browse tab and place this certificate under trusted root certificate authorities.

Place certificates
Certificate Store

Then click on next and click on finish tab. If the certificate is imported successfully to the local machine, we will get pop up as shown in below image


Now the certificate is installed in machine, we will not get any certificate errors while accessing web admin or user portal. You can test it now.

Secure Connection
Connection Secure

Note: If you are using third party signed certificate for webadmin or user portal, no need to import certificate in local machine.

Hope this article helps you.