Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Setting up CA server on InterScan Messaging Security Virtual Appliance (IMSVA) to sign certificates

    • Updated:
    • 15 Oct 2019
    • Product/Version:
    • InterScan Messaging Security Virtual Appliance 9.1
    • Platform:
    • Linux - Red Hat RHEL 5 64-bit
Summary

Learn how to set up a Certificate Authority (CA) server on IMSVA to sign certificates.

Details
Public

Follow these steps:

  1. Open /etc/pki/tls/openssl.cnf and locate [CA_default] section, then remove "#" at the start of copy_extentions.

    # Extension copying option: use with caution.

    copy_extensions = copy

    Save the changes.

  2. Create an empty index.txt file in the /etc/pki/CA directory using the following command.

    [root@imsva ~]# touch /etc/pki/CA/index.txt

  3. Create the serial file with initial content in the /etc/pki/CA directory using the following command.

    [root@imsva ~]# echo "01" > /etc/pki/CA/serial

  4. Generate the CA certificate.

    [root@imsva ~]# openssl req -x509 -newkey rsa:2048 -keyout CA_key.pem -out CA_cert.pem -config /etc/pki/tls/openssl.cnf

    Enter a password and provide information when prompted.

  5. Sign IMSVA certificate.

    To generate CSR with SANs, refer to < Create a 2048 bit CSR with SANs.docx>

    [root@imsva ~]# openssl ca -days 3650 -cert CA_cert.pem -keyfile CA_key.pem -in imsva.csr -out imsva.pem -config /etc/pki/tls/openssl.cnf

    When prompted for password, type the password set in Step 1.

  6. Copy CA_cert.pem, imsva.pem and imsva_key.pem out with WinSCP or other tools.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1057294
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.