Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Generating 2048-bit third-party Certificate Signing Request (CSR) with multiple names on InterScan Messaging Security Virtual Appliance (IMSVA)

    • Updated:
    • 18 Nov 2014
    • Product/Version:
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • InterScan Messaging Security Virtual Appliance 9.0
    • Platform:
    • N/A N/A
Summary
Create a 2048-bit third-party Certificate Signing Request (CSR) with multiple names.
You can use this if you have several IMSVAs installed and want to enable Transport Layer Security (TLS) connection with trusted certificate.
Details
Public
To generate the CSR:
  1. Log in to the command line interface (CLI) using the root account.
  2. Create a backup of the OpenSSL configuration. Run the following command:
    cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl-ORIG
  3. Open the openssl.cnf file using a text editor. For example, if you are using the vi text editor, run the following command:
    vi /etc/pki/tls/openssl.cnf
  4. Look for the [ req ] section and remove “ #” from the start of the following line:
    # req_extensions = v3_req #
  5. Look for [ v3_req ] and add the following additional server names:
    subjectAltName = DNS:server1.example.com DNS:server2.example.com
  6. Under the [ req ] section, change the value of default_bits to “2048”.
    [ req ]
    default_bits = 2048
  7. Save the changes.
  8. Create a new private key by running the following command:
    openssl genrsa -out /tmp/imsva_key.pem 2048
  9. Generate the CSR by running the following command:
    openssl req -new -out imsva.csr -key /tmp/imsva_key.pem
    When prompted, answer the usual CSR questions.
  10. Confirm the information by running the following command:
    openssl req -text -noout -in example-com.csr
    You should see the primary Common Name and the additional names. Example:
    Requested Extensions:
    X509v3 Subject Alternative Name:
    DNS:server1.example.com DNS:server2.example.com
    After confirming that the information is correct and the required additional names are included, you can use this CSR to order your certificate. Request it in PEM format.
  11. Deploy the certificate and key in the IMSVA console:
    1. Import the root_CA.pem file. Go to Administration > IMSVA Configuration > SMTP Routing > Connections > TLS Setting > CA Certificate.
      Note: This is the root certificate for the third-party certificate authority.
    2. Import the imsva_key.pem file. Go to Administration > IMSVA Configuration > SMTP Routing > Connections > TLS Setting > Private Key.
    3. Import the imsva.pem file signed by the authority. Go to Administration > IMSVA Configuration > SMTP Routing > Connections > TLS Setting > SMTP server certification.
Premium
Internal
Rating:
Category:
Configure; Deploy
Solution Id:
1096550
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.