Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Generate & Import a SSL certificate (PKCS#12) file for import on an Email Security appliance

06/20/2022 367 People found this article helpful 119,590 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article contains the steps required for generating a PKCS#12 file for import on an Email Security appliance.

    Resolution

    The first step is to generate a private key which can be done either in Linux or Windows.


    Generating a private key in Linux

    Access terminal within a Linux box

    Type in the following command (or paste)  The names of the CSR and privatekey (in italics) can be adjusted accordingly, but the file type needs to remain the same.


     openssl req -out my_csr.txt -new -newkey rsa:2048 -nodes -keyout privatekey.txt


    Skip to Generating the PKCS#12 file.


    Generating a private key in Windows

    1. Go to http://gnuwin32.sourceforge.net/packages/openssl.htm and download the openssl-0.9.8h-1-setup.exe file.


    Image


    2. Run the .exe and install to c:\openssl

    Image


    3. After installation completes, copy and paste the following into a text editor and save as openssl.cnf to C:\openssl\bin

    NOTE: Edit the alt_names section to include any SAN names that are needed, no other sections need to be edited at this time

    [ req ]

    distinguished_name = req_distinguished_name

    req_extensions = v3_req


    [ req_distinguished_name ]

    countryName = Country Name (2 letter code)

    countryName_default = US

    stateOrProvinceName = State or Province Name (full name)

    stateOrProvinceName_default = Arizona

    localityName = Locality Name (eg, city)

    localityName_default = Phoenix

    0.organizationName                       = Organization Name (eg, company)

    0.organizationName_default      = Test Bed USA

    organizationalUnitName = Organizational Unit Name (eg, section)

    organizationalUnitName_default = IT

    commonName = Common Name of device

    commonName_default = mail.example.com

    commonName_max = 64


    [ v3_req ]

    basicConstraints = CA:FALSE

    keyUsage = nonRepudiation, digitalSignature, keyEncipherment

    subjectAltName = @alt_names


    [alt_names]

    DNS.1 = RA1.example.com

    DNS.2 = RA2.example.com

    DNS.2 = CC1.example.com

    Image


    4. Open a command prompt & type or copy/paste cd c:\openssl\bin

    Image


    5. Type openssl and press Enter, then paste the following command at the next prompt and move on to Generating the PKCS#12 file.

    req -new -newkey rsa:2048 -nodes -keyout privatekey.txt -out my_csr.txt -config openssl.cnf

    Image


    Generating the PKCS#12 file

    1. Enter the information appropriate to the organization

    Image


    2. Once the information is entered, two files will be created and placed in the C:\openssl\bin directory, my_csr.txt and privatekey.txt. Save them in a secure location.

    3. Submit the my_csr.txt file to a Certificate Authority.

    4. Download the necessary intermediate and root certificates.

    5. From the command prompt, navigate to the openssl application as noted above and type or copy/paste the following to convert to PFX.

    openssl pkcs12 -export - certificate.pfx -inkey privatekey.txt - certificate.crt - certfile CACert.crt

    NOTE: Edit the command with the appropriate information: certificate.pfx is the name of the converted certificate, privatekey.txt is the file generated in step 2, certificate.crt is the certificate generated by the CA, CACert.crt are the intermediate certs generated by the CA

    6. Alternately, the certificate converter on https://www.sslshopper.com/ssl-converter.html can be used

    CAUTION: Using the converter is not recommended due to exposure of the private key to the internet


    Importing the PKCS#12 file to the ES appliance


    1. Login into the appliance and navigate to System > Certificates > Generate/Import

    2. Choose a certificate name

    TIP: Use the CA followed by the expiration date of the certificate; e.g. Comodo20181212

    3. Go to the "Import an existing certificate" option. Choose the PKCS#12 file generated in the previous section, create a passphrase and enter the password for the PKCS#12 file (letters and numbers ONLY).

    4. Click Generate/Import

    5. Configure the certificate at System > Certificates > Configure

    NOTE: Successful configuration can be tested at http://www.checktls.com/




    Related Articles

    • Windows Defender Smartscreen in Edge is blocking SonicWall's Rewritten Sandboxing URL
    • How to manually create FTP backup from CLI - Email Security appliance

    Categories

    • Email Security > Email Security Appliance > Certificates
    • Email Security > Email Security Software > Certificates

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:dd05288e52973a5809ba22c373a5ba22-70