- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Generate & Import a SSL certificate (PKCS#12) file for import on an Email Security appliance
06/20/2022 
367 People found this article helpful
119,590 Views
Description
This article contains the steps required for generating a PKCS#12 file for import on an Email Security appliance.
Resolution
The first step is to generate a private key which can be done either in Linux or Windows.
Generating a private key in Linux
Access terminal within a Linux box
Type in the following command (or paste) The names of the CSR and privatekey (in italics) can be adjusted accordingly, but the file type needs to remain the same.
openssl req -out my_csr.txt -new -newkey rsa:2048 -nodes -keyout privatekey.txt
Skip to Generating the PKCS#12 file.
Generating a private key in Windows
1. Go to http://gnuwin32.sourceforge.net/packages/openssl.htm and download the openssl-0.9.8h-1-setup.exe file.
2. Run the .exe and install to c:\openssl
3. After installation completes, copy and paste the following into a text editor and save as openssl.cnf to C:\openssl\bin
NOTE: Edit the alt_names section to include any SAN names that are needed, no other sections need to be edited at this time
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Phoenix
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Test Bed USA
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = IT
commonName = Common Name of device
commonName_default = mail.example.com
commonName_max = 64
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = RA1.example.com
DNS.2 = RA2.example.com
DNS.2 = CC1.example.com
4. Open a command prompt & type or copy/paste cd c:\openssl\bin
5. Type openssl and press Enter, then paste the following command at the next prompt and move on to Generating the PKCS#12 file.
req -new -newkey rsa:2048 -nodes -keyout privatekey.txt -out my_csr.txt -config openssl.cnf
Generating the PKCS#12 file
1. Enter the information appropriate to the organization
2. Once the information is entered, two files will be created and placed in the C:\openssl\bin directory, my_csr.txt and privatekey.txt. Save them in a secure location.
3. Submit the my_csr.txt file to a Certificate Authority.
4. Download the necessary intermediate and root certificates.
5. From the command prompt, navigate to the openssl application as noted above and type or copy/paste the following to convert to PFX.
openssl pkcs12 -export - certificate.pfx -inkey privatekey.txt - certificate.crt - certfile CACert.crt
NOTE: Edit the command with the appropriate information: certificate.pfx is the name of the converted certificate, privatekey.txt is the file generated in step 2, certificate.crt is the certificate generated by the CA, CACert.crt are the intermediate certs generated by the CA
6. Alternately, the certificate converter on https://www.sslshopper.com/ssl-converter.html can be used
CAUTION: Using the converter is not recommended due to exposure of the private key to the internet
Importing the PKCS#12 file to the ES appliance
1. Login into the appliance and navigate to System > Certificates > Generate/Import
2. Choose a certificate name
TIP: Use the CA followed by the expiration date of the certificate; e.g. Comodo20181212
3. Go to the "Import an existing certificate" option. Choose the PKCS#12 file generated in the previous section, create a passphrase and enter the password for the PKCS#12 file (letters and numbers ONLY).
4. Click Generate/Import
5. Configure the certificate at System > Certificates > Configure
NOTE: Successful configuration can be tested at http://www.checktls.com/
Related Articles
- Windows Defender Smartscreen in Edge is blocking SonicWall's Rewritten Sandboxing URL
- How to manually create FTP backup from CLI - Email Security appliance
Categories
- Email Security > Email Security Appliance > Certificates
- Email Security > Email Security Software > Certificates
YES
NO