HTTPS certificate handling in Sophos UTM is a bit different than other systems. I do this often enough but never remember exactly how to do it.
Here are the “cliff notes” of getting an SSL certificate loaded into Sophos UTM. This can be done on any linux / unix system with openssl installed. The full guide was taken from here.
Generate a private key
When creating your key, make sure you use a passphrase.
openssl genrsa -aes256 -out <keyname>.key 2048
Create a certificate signing request (CSR)
openssl req -new -key keyname.key -out csrname.csr
Upload CSR to your certificate company
Sophos UTM uses Openssl so select that option if prompted by your certificate company Specify Apache CSR if asked. Validate your domain ownership, then wait for e-mail with response.
Download output from certificate company
If they give you a zip file, unzip it first
Combine all files provided into one
You only have to do this if your CA provides more than one CRT file
cat CA1.crt CA2.crt ... > combined.crt
Generate p12 file for use with UTM
Generate a pkcs12 file by supplying all files generated above. Be sure to specify an export password (Sophos requires one.)
openssl pkcs12 -export -in combined.crt -inkey <keyname>.key -out desired_p12_file_name.p12
Upload into Sophos UTM
Navigate to certificate management and specify upload key. Upload the file. Be sure to enter the password you used when creating the key earlier.