Format of SSL/TLS Certificates in Messaging Gateway

search cancel

Format of SSL/TLS Certificates in Messaging Gateway

book

Article ID: 172988

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

There is a question of how SSL/TLS certificates should be presented in a PEM file for import into Symantec Messaging Gateway (SMG).

Resolution

Format:

Certificates that are imported into the SMG must follow the following rules:

The format must be in x509/PEM/Base-64 and comply with RFC 5280. For more details, see PEM format requirements for certificates and domain keys.
The recommended format of placing a cert chain together is:

-----BEGIN CERTIFICATE----- ASCII data for the SMG host CERTIFICATE -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ASCII data for the Intermediate CERTIFICATE -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ASCII data for the Root CERTIFICATE -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- ASCII data for the private key used to generate the SMG certificate -----END RSA PRIVATE KEY-----

Addendum:

You may not need every part of the cert chain.
Private key is needed only if you did not create the CSR or the self-signed certificate in the SMG itself
To verify if the root certificate is already in the SMG: Go to Administration > Certificate Authority and look for the certificate.
If you are looking to convert certificates from other formats to x509, OpenSSL can be used for this task.

Feedback

thumb_up Yes

thumb_down No