BlackWinter Promo
Save up to 50%80%70%70%70%70%70%70%70% on a Sophos Firewall of your choice.
Choose XGS Firewall modelSave up to 50%80%70%70%70%70%70%70%70% on a Sophos Firewall of your choice.
Choose XGS Firewall modelIf you want to scan HTTPS traffic on the Sophos firewall, you need to import the Sophos SSL proxy certificate on the clients so that no error message appears in the browser. In this tutorial we will show you how to set up this certificate for Internet Explorer, Edge, Firefox and Google Chrome browsers.
Log in to your Sophos Firewall (SFOS) as an administrator and go to Zertifikate
> Zertifizierungsstelle (CA)
from the menu. Then click on the download icon next to SecurityAppliance_SSL_CA
.
You will find the certificate under the name SecurityAppliance_SSL_CA.pem
on your hard disk.
The easiest way to distribute the certificate to all computers on the network is via a group policy in a domain. If you don’t have a domain, you can see the instructions for local installation for Windows and macOS below. For now, we will explain how the distribution of the certificate for the Internet Explorer
, Edge
and Google Chrome
browser works. Since Firefox has its own certificate management, the procedure there is somewhat different. We describe this later in this article.
Gruppenrichtlinienverwaltung
, select a policy and change to the directory Vertrauenswürdige Stammzertifizierungsstellen
> Zertifikate
.Alle Aufgaben
> Importieren...
.SecurityAppliance_SSL_CA.pem
certificate.If you want to import the certificate on a single Windows computer, the procedure is practically the same as if you were importing the certificate on the Active Directory server.
certmgr.msc
from the start menu and change to the directory Vertrauenswürdige Stammzertifizierungsstellen
> Zertifikate
.Alle Aufgaben
> Importieren...
.SecurityAppliance_SSL_CA.pem
certificate.On a Mac, the installation is also very simple. As is well known, certificates are managed there in the key ring.
SecurityAppliance_SSL_CA.pem
with a double click. After that, the keychain will be opened automatically.Immer vertrauen
.Mozilla’s Firefox browser has its own certificate management and therefore the methods described above unfortunately do not work. So if you surf the Internet with Firefox, you will have to put up with a somewhat more cumbersome installation of the certificate here.
Mozilla provides the GPO templates for Firefox on GitHub. You need the following files:
You can download these files individually from the Github Mozilla repository. Or you can download the complete policy_templates.zip, which contains all files for Windows and macOS in different languages.
Next, these .admx
and .adml
files still need to be copied to the correct folder on the Active Directory server so that they are later visible as a template in the Group Policy Management Editor. Make sure that you log in with a user who has sufficient permissions.
C:\Windows\PolicyDefinitions
. If your root partition does not have the drive letter C:, you can also call the path with a variable: %systemroot%\PolicyDefinitions
.firefox.adml
and mozilla.adml
into this folder.firefox.admx
and mozilla.admx
are available in different languages and belong in the corresponding subfolder de-DE
or en-US
.Administrativen Vorlagen
> Mozilla
> Firefox
> Zertifikate
> Install Certificates
.SecurityAppliance_SSL_CA.pem
.In order for the certificate to be imported when the browser is started, the .pem
file must be copied to the user profile. You can also do this via the GPO. The certificate SecurityAppliance_SSL_CA.pem
must be copied to the following two directories:
To check if everything worked, you can open the certificate management via the settings in Firefox. Under the tab Zertifizierungsstellen
you should now find the Sophos certificate.
Info: If you want to import the certificate on a macOS or Linux system, you can find the system paths on the following page: Mozilla Wiki – Add Root Certificate to Firefox
Save up to 50%80%70%70%70%70%70%70%70% on a Sophos Firewall of your choice.
XGS 107
30%40%30%30%30%30%30%30%30% OffXGS 116
40%70%40%40%40%40%40%40%40% OffXGS 126
50%70%50%50%50%50%50%50%50% OffXGS 136
50%70%50%50%50%50%50%50%50% OffXGS 2100
50%80%60%60%60%60%60%60%60% OffXGS 2300
50%80%70%70%70%70%70%70%70% OffXGS 3100
50%80%70%70%70%70%70%70%70% OffXGS 3300
20%70%50%50%50%50%50%50%50% OffXGS 4300
50%70%50%50%50%50%50%50%50% OffXGS 4500
50%70%50%50%50%50%50%50%50% OffXGS 5500
50%70%50%50%50%50%50%50%50% OffXGS 6500
50%70%50%50%50%50%50%50%50% Off