Generating a self-signed certificate in PEM format for InterScan Messaging Security

    • Updated: 26 Jan 2016
    • Product/Version:
      • InterScan Messaging Security Suite 7.1 Linux
      • InterScan Messaging Security Suite 7.1 Windows
      • InterScan Messaging Security Suite 7.5 Windows
      • InterScan Messaging Security Virtual Appliance 8.2
      • InterScan Messaging Security Virtual Appliance 8.5
      • InterScan Messaging Security Virtual Appliance 9.0
    • Platform:
      • Linux - Red Hat RHEL 3 32-bit
      • Linux - Red Hat RHEL 4 32-bit
      • Linux - Red Hat RHEL 5 32-bit
      • Linux - Red Hat RHEL 6 32-bit
      • Linux - SuSE 10
      • Linux - SuSE 9.0
      • Unix - Solaris (Sun) version 10 (SunOS 5.10)
      • Unix - Solaris (Sun) version 8 (SunOS 5.8)
      • Unix - Solaris (Sun) version 9 (SunOS 5.9)
      • Windows 2000 Advanced Server
      • Windows 2000 Server
      • Windows 2003 Enterprise
      • Windows 2003 Standard
      • Windows 2008 Enterprise
      • Windows 2008 Standard
Summary

Generate a self-signed certificate for InterScan Messaging Security Suite (IMSS) and InterScan Messaging Security Virtual Appliance (IMSVA) to enable inbound TLS connections.

Details
  1. Create a backup of the /etc/pki/tls/openssl.cnf file.
  2. Edit /etc/pki/tls/openssl.cnf with the following:
    1. Under [CA_default]
      dir = /etc/pki/CA # where everything is kept
      # Extension copying option: use this with caution
      copy_extensions = copy
    2. Under [req]
      req_extensions = v3_req
    3. Under [v3_req]
      subjectAltName = @alt_names
      [alt_names]
      DNS.1 = servermx1.domain.com
      DNS.2 = servermx2.domain.com
  3. Create an empty index.txt file in the /etc/pki/CA directory using this command:

    [root@imsva80b ~]# touch /etc/pki/CA/index.txt

  4. Create the serial file with initial content in the /etc/pki/CA directory using this command:

    [root@imsva80b ~]# echo "01" > /etc/pki/CA/serial

  5. Generate the TLS certificate using the following commands:

    openssl req -x509 -newkey rsa:1024 -keyout /tmp/root_key.pem -out /tmp/root_req.pem
    openssl genrsa -out /tmp/imsva_key.pem 1024
    openssl req -new -key /tmp/imsva_key.pem -out /tmp/imsva_req.pem

    Note: imsva_req.pem is the certificate with multiple “Subject Alternative Name” entries.
  6. Check the certificate using the following command:

    openssl req -text -noout -in /tmp/imsva_req.pem

    • If the certificate is properly created, you will see the contents of the certificate in encrypted form.
    • If the certificate was not created properly, you will see error messages after executing the command.
  7. Sign the certificate using the following command:

    openssl ca -days 365 -cert /tmp/root_req.pem -keyfile /tmp/root_key.pem -in /tmp/imsva_req.pem -out /tmp/imsva_cert.pem -outdir /tmp

    Using the configuration from /etc/pki/tls/openssl.cnf, OpenSSL prompts for the password for /tmp/root_key.pem. Enter the password, for example: trend.

    'trend' may be any password that you want to use.
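
The following script is an added example, not part of the original article or of Trend Micro's tooling: it repeats steps 2 to 7 in a scratch directory with a private configuration file, then lets you confirm that the Subject Alternative Name entries in the request are carried into the signed certificate. The function names, the constructed root subject, the 2048-bit keys with SHA-256, and the unencrypted root key (-nodes) are assumptions made so the script runs unattended.

```shell
#!/bin/sh
# Added example: the article's CA flow in a scratch directory.
# Assumptions: openssl on PATH, 2048-bit RSA with SHA-256, and an
# unencrypted root key (-nodes) so the run needs no password prompt.

make_san_cert() {   # $1 = scratch directory, remaining args = DNS names
    d=$1; shift
    mkdir -p "$d/ca" && touch "$d/ca/index.txt" && echo "01" > "$d/ca/serial" || return 1
    cat > "$d/openssl.cnf" <<EOF
[ca]
default_ca = CA_default
[CA_default]
dir = $d/ca
database = \$dir/index.txt
serial = \$dir/serial
new_certs_dir = $d
default_md = sha256
policy = policy_any
copy_extensions = copy
[policy_any]
commonName = supplied
[req]
distinguished_name = dn
prompt = no
req_extensions = v3_req
[dn]
CN = $1
[v3_req]
subjectAltName = @alt_names
[alt_names]
EOF
    # One DNS.n line per host name, appended to the [alt_names] section.
    i=0; for h in "$@"; do i=$((i + 1)); echo "DNS.$i = $h" >> "$d/openssl.cnf"; done
    # Self-signed root, server key, request, then CA signing (file names as in the article).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -config "$d/openssl.cnf" \
        -subj "/CN=Constructed Test Root" -keyout "$d/root_key.pem" -out "$d/root_req.pem" 2>/dev/null &&
    openssl genrsa -out "$d/imsva_key.pem" 2048 2>/dev/null &&
    openssl req -new -config "$d/openssl.cnf" -key "$d/imsva_key.pem" -out "$d/imsva_req.pem" &&
    openssl ca -batch -notext -days 365 -config "$d/openssl.cnf" -cert "$d/root_req.pem" \
        -keyfile "$d/root_key.pem" -in "$d/imsva_req.pem" -out "$d/imsva_cert.pem" 2>/dev/null
}

san_of() {   # $1 = req (request) or x509 (certificate), $2 = PEM file
    openssl "$1" -in "$2" -noout -text | grep 'DNS:' | tr -d ' '
}
```

Run `make_san_cert "$(mktemp -d)" servermx1.domain.com servermx2.domain.com`, then compare `san_of req` on imsva_req.pem with `san_of x509` on imsva_cert.pem. If `copy_extensions = copy` is removed from the configuration, the signed certificate comes back with no DNS entries even though the request contains them.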

For IMSVA 9.0

  1. Go to Administration > IMSVA Configuration > Transport Layer Security.

    The Transport Layer Security (TLS) screen appears with the Messages Entering IMSVA tab displayed by default.

  2. Click the SMTP and HTTPS Certificates tab.

    The SMTP and HTTPS Certificates screen appears.

  3. Under the SMTP and HTTPS Certificate List, click Add.

    The Add Certificate screen appears.

  4. Configure the settings.

    Refer to pages 13-4, 13-5 and 13-6 of the IMSVA 9.0 Administrator’s Guide for more details.

  1. Generate the TLS certificate using the following commands:

    openssl req -x509 -newkey rsa:1024 -keyout /tmp/root_key.pem -out /tmp/root_req.pem
    openssl genrsa -out /tmp/imsva_key.pem 1024
    openssl req -new -key /tmp/imsva_key.pem -out /tmp/imsva_req.pem

    imsva_req.pem is the certificate with multiple “Subject Alternative Name” entries.

  2. Check the certificate using the following command:

    openssl req -text -noout -in /tmp/imsva_req.pem

    • If the certificate is properly created, you will see the contents of the certificate in encrypted form.
    • If the certificate was not created properly, you will see error messages after executing the command.
  3. Bring the output PEM to the third-party company for signing.
Category: Configure
Solution Id: 1060979