search cancel

Format of SSL/TLS Certificates in Messaging Gateway

book

Article ID: 172988

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

There is a question of how SSL/TLS certificates should be presented in a PEM file for import into Symantec Messaging Gateway (SMG).

Resolution

Format:

Certificates that are imported into the SMG must follow the following rules:

-----BEGIN CERTIFICATE-----
ASCII data for the SMG host CERTIFICATE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ASCII data for the Intermediate CERTIFICATE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ASCII data for the Root CERTIFICATE
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
ASCII data for the private key used to generate the SMG certificate
-----END RSA PRIVATE KEY-----

Addendum:

  • You may not need every part of the cert chain.
  • Private key is needed only if you did not create the CSR or the self-signed certificate in the SMG itself
  • To verify if the root certificate is already in the SMG: Go to Administration > Certificate Authority and look for the certificate.
  • If you are looking to convert certificates from other formats to x509, OpenSSL can be used for this task.