FIrewall issue with apostrophe in CA name


We have a Cyberoam firewall UTM device, but it will not allow us to import the Let’s Encrypt CA certificates into the local ca store as it does not seem to sanitize the OU for the apostrophe in the “Let’s” name in the certificate. Is there any known way to work around this issue, as the the firewall provider has not provided a patch for this issue…


Hi @echokev,

Sorry to hear about the trouble with your firewall. That sounds like a pretty annoying bug and it’s a shame they don’t have a patch!

Could you perhaps add the IdenTrust DST Root CA X certificate to your trust store instead of the ISRG Root X1? The IdenTrust root cross signs the Let’s Encrypt Authority X3 intermediate certificate and so having it in your trust store should allow your system to verify well-formed Let’s Encrypt leaf certificate chains.

It’s also possible I’m misunderstanding the question/problem. I’m certainly not familiar with Cyberoam firewalls :slight_smile:

Hi @cpu,

I had hoped that would work, but no luck. Possible that the firewall device is choking on the TLS certificates themselves, and not just the importation of the CA certificates.

Thanks for the suggestion though.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.