Follow these steps:

  1. Open /etc/pki/tls/openssl.cnf, locate the [CA_default] section, and remove the "#" at the start of the copy_extensions line.

    # Extension copying option: use with caution.

    copy_extensions = copy

    Save the changes.

  2. Create an empty index.txt file in the /etc/pki/CA directory using the following command.

    [root@imsva ~]# touch /etc/pki/CA/index.txt

  3. Create the serial file with initial content in the /etc/pki/CA directory using the following command.

    [root@imsva ~]# echo "01" > /etc/pki/CA/serial

  4. Generate the CA certificate.

    [root@imsva ~]# openssl req -x509 -newkey rsa:2048 -keyout CA_key.pem -out CA_cert.pem -config /etc/pki/tls/openssl.cnf

    Enter a password and provide information when prompted.

  5. Sign the IMSVA certificate.

    To generate a CSR with SANs, refer to <Create a 2048 bit CSR with SANs.docx>.

    [root@imsva ~]# openssl ca -days 3650 -cert CA_cert.pem -keyfile CA_key.pem -in imsva.csr -out imsva.pem -config /etc/pki/tls/openssl.cnf

    When prompted for the password, type the password set in Step 1.

  6. Copy CA_cert.pem, imsva.pem and imsva_key.pem out with WinSCP or other tools.
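
Because step 1 sets copy_extensions = copy, the openssl ca command in step 5 copies every extension the CSR requests into the signed certificate, which is why the config comment says to use it with caution. The following added example (not part of the original article; the function names are illustrative) reviews a CSR such as imsva.csr before signing: it rejects a request that asks for CA:TRUE or keyCertSign and prints the SANs that will be copied.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# Reads `openssl req -noout -text` output on stdin and prints the requested SANs.
# Returns 1 if the request asks for CA rights or carries no SAN.
check_requested_extensions() {
    req_text=$(cat)

    # With copy_extensions = copy, a basicConstraints CA:TRUE in the request
    # would be copied into the issued certificate, turning it into a sub-CA.
    if printf '%s\n' "$req_text" | grep -q 'CA:TRUE'; then
        echo "REJECT: request asks for CA:TRUE" >&2
        return 1
    fi

    # openssl displays the keyCertSign key usage bit as "Certificate Sign".
    if printf '%s\n' "$req_text" | grep -q 'Certificate Sign'; then
        echo "REJECT: request asks for keyCertSign" >&2
        return 1
    fi

    # The SAN values are printed on the line after the extension header.
    sans=$(printf '%s\n' "$req_text" | awk '
        /X509v3 Subject Alternative Name/ {
            getline; sub(/^[ \t]+/, ""); print; exit
        }')
    if [ -z "$sans" ]; then
        echo "REJECT: no subjectAltName in request" >&2
        return 1
    fi
    printf '%s\n' "$sans"
}

# Wrapper for a CSR file. If openssl cannot read the file, the text is empty
# and the check fails closed with "no subjectAltName".
# Usage: audit_csr imsva.csr   (run before the openssl ca command in step 5)
audit_csr() {
    openssl req -in "$1" -noout -text | check_requested_extensions
}
```

Compare the printed SAN list with the host names and IP addresses the IMSVA certificate is expected to cover before running the signing command.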