Saturday, 29 January 2011

How to create a certificate for Ironport Email Security Appliance

This is a procedure to generate a certificate that you can import to your Ironport Email Security appliance.

Here are the basic steps:

  • Generate a certificate request using OpenSSL for Windows. Change the command line to your liking. The important thing is to change the "ironport.domain.com" to the URL that you want to use to access your Ironport appliance.
openssl req -new -newkey rsa:2048 -nodes -out ironport_domain_com.csr -keyout ironport_domain_com.key -subj "/C=HR/ST=Grad Zagreb/L=Zagreb/O=Organization/OU=IT/CN=ironport.domain.com"
  • Sign the request file (CSR) using Windows CA. You can use web application (https://servername/certsrv) of your Issuing CA and then paste the CSR there and use the Web Server template.
  • Convert the output CER file to PEM file  
openssl.exe x509 -in ironport.cer -inform der -out ironport.pem -outform pem
  • Generate a P12 file that includes private and public keys
openssl.exe pkcs12 -export -out ironport.p12 -in ironport.pem -inkey ironport_domain_com.key
  • Import the P12 file to your Ironport using the web GUI (Network > Certificate > Add Certificate)

No comments:

Post a Comment