Sophos router upload SSL certificate and intermediate chain

To correctly secure access to a Sophos router so that it does not show a certificate error when you access the web interface, follow these steps.

  • If it is a wildcard certificate set up in IIS, export the certificate as a .PFX file, noting the password set during the export process
  • In the Sophos interface, under SYSTEM -> Certificates, add the certificate. Set the domain name with the prefix of the certificate, set the file format to PKCS12, choose the file by browsing to the export from IIS, and enter the password set above.
  • If there is an old certificate with the same name that you are replacing, you will receive an error. First delete the old certificate. To do this, you may need to first go into Administration -> Admin and user settings, change from the old certificate to ApplianceCertificate, and apply

  • Once you do that, if you previously logged in using the old certificate address, you will need to log in again to pick up use of the ApplianceCertificate.
  • Change the SSL VPN global settings to use the ApplianceCertificate
  • Now try deleting the old certificate and add the updated one.
  • If there is a red X in the certificate's Trusted column, you will need to upload the intermediate certificate
  • Save the certificate authority
  • Go back to certificate tab and check the new certificate is now trusted
  • Assign the new certificate in Admin and user settings and SSL VPN global settings
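
An added example, not part of the original post: a PowerShell check to run on the IIS server before uploading. It lists what the exported PFX contains and, if the issuing intermediate is not inside it (the red X case above), pulls that certificate from the Windows certificate store into a file for upload. The file names `wildcard.pfx` and `intermediate.cer` are placeholders, and PEM as the upload format is an assumption.

```powershell
# Added example: inspect an exported PFX before uploading it to the appliance.
# File names are placeholders (assumptions), not values from the post.
param(
    [string]$PfxPath         = '.\wildcard.pfx',
    [string]$IntermediateOut = '.\intermediate.cer'
)

# Prompt for the export password so it never lands in shell history.
$password = Read-Host -AsSecureString -Prompt 'PFX export password'
$pfx  = Get-PfxData -FilePath $PfxPath -Password $password
$leaf = $pfx.EndEntityCertificates | Select-Object -First 1
if (-not $leaf) { throw "No end-entity certificate found in $PfxPath" }

$dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
"Subject : $($leaf.Subject)"
"DNS name: $($leaf.GetNameInfo($dnsName, $false))"
"Issuer  : $($leaf.Issuer)"
"Expires : $($leaf.NotAfter)"

# Case 1: the export already carries the issuing certificate.
$inPfx = $pfx.OtherCertificates | Where-Object { $_.Subject -eq $leaf.Issuer }
if ($inPfx) {
    "Issuing certificate is inside the PFX: $($inPfx.Subject)"
    return
}

# Case 2: PFX holds only the leaf. Build the chain from the local stores
# to locate the issuer; revocation checks are skipped so this runs offline.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.Build($leaf)
$issuer = $chain.ChainElements | Select-Object -Skip 1 -First 1
if (-not $issuer) {
    throw "Issuer '$($leaf.Issuer)' not found locally; obtain it from the CA."
}

# Write the issuer as PEM text (public certificate only, no private key).
$b64 = [Convert]::ToBase64String($issuer.Certificate.RawData, 'InsertLineBreaks')
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path $IntermediateOut -Value $pem -Encoding Ascii
"Wrote $($issuer.Certificate.Subject) to $IntermediateOut"
```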
