In Sophos UTM 9 version 9.6x, Sophos have included the ability to create free SSL certificates using Let’s Encrypt to protect web servers, the web admin and other services. This is awesome news!
Before creating a Let’s Encrypt certificate on your Sophos UTM 9, make sure the following are in place:
- Your Sophos UTM 9 is updated to version 9.6x
- You have a public subdomain with DNS pointing to your external IP address (example: www.utm.yourdomain.com.au)
- Your ISP allows TCP port 80 inbound
Let’s get started!
Enabling Let’s Encrypt Certificates on Sophos UTM 9
- Log in to the Web Admin of your firewall. By default, it is: https://192.168.1.1:4444
- Expand WEB SERVER PROTECTION
- Click on CERTIFICATE MANAGEMENT
- Click on the ADVANCED tab
- Select Allow Let’s Encrypt certificates
Generate a new Let’s Encrypt Certificate on Sophos UTM 9
- Click on the CERTIFICATES tab
- Click on NEW CERTIFICATE
- Enter a NAME for the certificate so you can easily identify it
- Select LET’S ENCRYPT for the
- Select EXTERNAL (WAN) (ADDRESS) for the
+to your domain name
- Type in the name of your fully qualified domain name (FQDN)
- Click SAVE
- Give your UTM a few minutes and it should create a new certificate from Let’s Encrypt
Wildcard Let’s Encrypt certificates are not supported by the Sophos UTM at the time of this publication.
If your certificate was successful, you should see a green icon next to the certificate.
If it fails, you’ll see a yellow alert icon next to the certificate.
Using Let’s Encrypt SSL certificate for Web Admin on the Sophos UTM 9
We can use your newly generated Let’s Encrypt certificate for your Sophos UTM 9 web admin.
- Click on MANAGEMENT.
- Click on WEBADMIN SETTINGS.
- Click on the HTTPS CERTIFICATE tab.
- Under “Choose WebAdmin/User Portal Certificate” select the certificate you created.
- Click APPLY
I hope this article has helped you set up Let’s Encrypt certificates on your Sophos UTM 9. If you’re on Aussie Broadband and can’t generate certificates, see the solution.