  1. Create a backup of the /etc/pki/tls/openssl.cnf file.
  2. Edit /etc/pki/tls/openssl.cnf with the following:
    1. Under [CA_default]
      dir = /etc/pki/CA # where everything is kept
      # Extension copying option: use this with caution
      copy_extensions = copy
    2. Under [req]
      req_extensions = v3_req
    3. Under [v3_req]
      subjectAltName = @alt_names
      [alt_names]
      DNS.1 = servermx1.domain.com
      DNS.2 = servermx2.domain.com
  3. Create an empty index.txt file in the /etc/pki/CA directory using this command:

    [root@imsva80b ~]# touch /etc/pki/CA/index.txt

  4. Create the serial file with initial content in the /etc/pki/CA directory using this command:

    [root@imsva80b ~]# echo "01" > /etc/pki/CA/serial

  5. Generate the TLS certificate using the following commands:

    openssl req -x509 -newkey rsa:1024 -keyout /tmp/root_key.pem -out /tmp/root_req.pem
    openssl genrsa -out /tmp/imsva_key.pem 1024
    openssl req -new -key /tmp/imsva_key.pem -out /tmp/imsva_req.pem

    Note: imsva_req.pem is the certificate request with multiple “Subject Alternative Name” entries.
  6. Check the certificate using the following command:

    openssl req -text -noout -in /tmp/imsva_req.pem

    • If the certificate is properly created, you will see the contents of the certificate in encrypted form.
    • If the certificate was not created properly, you will see error messages after executing the command.
  7. Sign the certificate using the following command:

    openssl ca -days 365 -cert /tmp/root_req.pem -keyfile /tmp/root_key.pem -in /tmp/imsva_req.pem -out /tmp/imsva_cert.pem -outdir /tmp

    Using the configuration from /etc/pki/tls/openssl.cnf, the command prompts for the password for /tmp/root_key.pem. Enter the password, which is trend in this example.

    'trend' may be any password that you want to use.
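
The procedure above, end to end, as an added example that is not part of the original article: it builds the request with the two DNS names from step 2, signs it with a throwaway CA, and prints the Subject Alternative Name of the signed certificate to confirm that copy_extensions = copy carried it over from the request. Assumptions: a temporary directory and a minimal constructed configuration stand in for /etc/pki/tls/openssl.cnf and /etc/pki/CA, keys are 2048-bit rather than the article's 1024, keys are left unencrypted (-nodes) so no password prompt appears, and the CA subject name is constructed.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA and SAN request built in a temp directory.
# Nothing under /etc/pki is touched; keys are unencrypted (-nodes) so it runs unattended.
set -eu

san_roundtrip() (
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT
  cd "$work"
  touch index.txt; echo 01 > serial
  # Minimal constructed config carrying the settings the article edits into openssl.cnf.
  cat > openssl.cnf <<EOF
[ca]
default_ca = CA_default
[CA_default]
dir = $work
database = $work/index.txt
serial = $work/serial
new_certs_dir = $work
default_md = sha256
policy = policy_any
copy_extensions = copy
[policy_any]
commonName = supplied
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = servermx1.domain.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = servermx1.domain.com
DNS.2 = servermx2.domain.com
EOF
  {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed Test Root" \
      -days 1 -config openssl.cnf -keyout root_key.pem -out root_req.pem
    openssl genrsa -out imsva_key.pem 2048
    openssl req -new -config openssl.cnf -key imsva_key.pem -out imsva_req.pem
    openssl ca -batch -config openssl.cnf -days 365 -cert root_req.pem \
      -keyfile root_key.pem -in imsva_req.pem -out imsva_cert.pem -outdir "$work"
  } >/dev/null 2>&1
  # Print the SAN line of the *signed* certificate, not of the request.
  openssl x509 -in imsva_cert.pem -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//; s/ *$//'
)

san_roundtrip
```

Because copy_extensions = copy makes the CA accept whatever extensions the request carries, reviewing the request with the step 6 command before signing is the point at which unexpected names or extensions are caught.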

For IMSVA 9.0

  1. Go to Administration > IMSVA Configuration > Transport Layer Security.

    The Transport Layer Security (TLS) screen appears with the Messages Entering IMSVA tab displayed by default.

  2. Click the SMTP and HTTPS Certificates tab.

    The SMTP and HTTPS Certificates screen appears.

  3. Under the SMTP and HTTPS Certificate List, click Add.

    The Add Certificate screen appears.

  4. Configure the settings.

    Refer to pages 13-4, 13-5 and 13-6 of the IMSVA 9.0 Administrator’s Guide for more details.

  1. Generate the TLS certificate using the following commands:

    openssl req -x509 -newkey rsa:1024 -keyout /tmp/root_key.pem -out /tmp/root_req.pem
    openssl genrsa -out /tmp/imsva_key.pem 1024
    openssl req -new -key /tmp/imsva_key.pem -out /tmp/imsva_req.pem

    imsva_req.pem is the certificate request with multiple “Subject Alternative Name” entries.

  2. Check the certificate using the following command:

    openssl req -text -noout -in /tmp/imsva_req.pem

    • If the certificate is properly created, you will see the contents of the certificate in encrypted form.
    • If the certificate was not created properly, you will see error messages after executing the command.
  3. Bring the output PEM to the third-party company for signing.