Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Generating 2048-bit third-party Certificate Signing Request (CSR) with multiple names on InterScan Messaging Security Virtual Appliance (IMSVA)

    • Updated:
    • 15 Oct 2019
    • Product/Version:
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • Interscan Messaging Security Virtual Appliance 9.0
    • InterScan Messaging Security Virtual Appliance 9.0
    • Interscan Messaging Security Virtual Appliance 9.1
    • Platform:
    • N/A
Summary
Create a 2048-bit third-party Certificate Signing Request (CSR) with multiple names.
You can use this if you have several IMSVAs installed and want to enable Transport Layer Security (TLS) connection with trusted certificate.
Details
Public

Follow these steps:

  1. SSH to IMSVA with the root account.
  2. Create a backup of the OpenSSL configuration by running the following command.

    cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl-ORIG

  3. Open the openssl.cnf file using a text editor. For example, if you are using the Vi text editor, run the following command.

    vi /etc/pki/tls/openssl.cnf

  4. Look for the [ req ] section and remove “ #” from the start of the following line.

    # req_extensions = v3_req #

  5. Under the [ req ] section, change the value of default_md to “sha256”.

    default_md = sha256

  6. Look for [ v3_req ] and add the following lines.

    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = imsva02.gz.cncorlab.com
    DNS.2 = imsva03.gz.cncorlab.com
    #replace the dns name with your IMSVAs' FQDNs

  7. Save the changes.
  8. Create a new private key by running the following command.

    openssl genrsa -out imsva_key.pem 2048

  9. Generate the CSR by running the following command.

    openssl req -new -out imsva.csr -key imsva_key.pem -config /etc/pki/tls/openssl.cnf

    When prompted, answer the usual CSR questions.

  10. Confirm the information by running the following command.

    openssl req -text -noout -in imsva.csr

    You should see the primary Common Name and the SANs. As an example:

    Certificate Request:
    ...
    Requested Extensions:
    ...
    X509v3 Subject Alternative Name:
    DNS:imsva02.gz.cncorlab.com, DNS:imsva03.gz.cncorlab.com

  11. Copy imsva.csr and imsva_key.pem out with WinSCP or similar tools. Submit CSR file imsva.csr to the third party CA, and request the signed certificates in PEM format.
  12. If your third party CA doesn't provide PEM format certificates for downloading, please refer to its FAQ for the procedure to convert the certificates to PEM format. For example, https://www.digicert.com/ssl-support/pem-ssl-creation.htm
    Or you may refer to this article on Converting Certificated - OpenSSL.
Premium
Internal
Rating:
Category:
Configure; Deploy
Solution Id:
1096550
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.