Sophos UTM – Lets Encrypt
I have written previously around my use of Sophos UTM within my homelab. Now I know it’s not a perfect device and some diehard network engineers will say it doesn’t have a CLI. But for my lab, my requirements and my level of skill its a dam good device with SO many features. It may not have a CLI but it does have an API which has been on my backlog to look into for a long time.
Version 9.6 has just been released and one of the features that has been added was the integration of let’s encrypt certificates. Here is a quick intro to get up and running with them.
Create a certificate
To get started first of we need to enable Lets Encrypt. This is done in the advanced section of the Certificate Management console with a simple tickbox.
Once that’s been enabled its time to request some certificates.
Navigate to Webserver Protection > Certificate Management > Certificates.
Click on +New Certificate…
When you select save the UTM Appliance creates a self signed certificate that can be used immediatly. In the background it requests a certificate from lets encrypt and providing it passes the validation checks the signed Let’s Encrypt certicate is recieved back from Let’s encrypt.
Then its simply a case of applying it. In this example I have added to the Web Application Firewall section protecting the webserver
This can then be validated by visiting the site and as can be seen its displaying properly.
I have created Lets Encrypt certificates for all of the services that I run on the UTM, they auto renew and generally make life a lot easier.