Adding certificate on Sophos XG210

Hi everyone, I have to put your certificate into your firewall, but I’m asked for a .key (private key) file besides the .pem file too. Attach screen.

How can I fix it?

Hi @m.mattioni

I have to put your certificate into your firewall

Our firewall? I don’t believe Let’s Encrypt makes firewalls.

How is this an issuance tech case?

I would suggest this is more a help case so please fill out the items below

I ran this command:

It produced this output:

There is also a guide here:


The file privkey.pem is the file you need to upload. You can change the extension if this really is required.

Also, does this firewall have the capability of serving an intermediate certificate? You should try to upload the file fullchain.pem as the certificate, as this file contains both the end certificate and the intermediate in one file.

Certificates are always in two parts (files):
The private part - which must always remain private.
And the public part (may contain several chained files) which always gets handed out to the public allowing SSL communications.

Thank’s for the help and sorry for my english !!
I have follow the guide sophos but I cant find the file “private.key” to upload it.
I can send my request CSR file to Letsencrypt and they respond me a file pem with a key ?

thanks a lot for the suggests.

best regards

lets encrypt does have your private file.
look in the folder where the other pem file is.

lets encrypt does not have your private file.

The private key is on your server, and was used to generate the CSR. Certbot call it “privkey.pem”

On the shell in the sophos firewall I cant find the private.key and in the web gui idem !!
I have generated the CSR but I do not know how to use it.

It sounds like your problem is understanding/operating the Sophos XG210.
If so, you may need to speak with the vendor or visit their support site for help with that.

have you tried:

maybe he did try and could not reach it - lol
I couldn’t reach it:
No FS ciphers!

The Sophos firewall needs your private key. They’re using the filename of private.key. certbot, dehydrated, and many other Let’s Encrypt clients, save the private key in a file called privkey.pem. They’re the same thing. Upload privkey.pem as your private key.

That’s not a very accurate explanation of how certificates work. Although the private key is part of the PKI system of TLS, it is not part of the certificate. It is however part of the public/private keypair, but only the public key is part of the certificate.

My objective was not to explain how certificates work.
It was simply to grasp to concept of private and public.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.