Format of SSL/TLS Certificates in Messaging Gateway

search cancel

Format of SSL/TLS Certificates in Messaging Gateway

book

Article ID: 172988

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

There is a question of how SSL/TLS certificates should be presented in a PEM file for import into Symantec Messaging Gateway (SMG).

Resolution

Format:

Certificates that are imported into the SMG must follow these rules:

The format must be in x509/PEM/Base-64 and comply with RFC 5280. For more details, see PEM format requirements for certificates and domain keys.
The recommended format of placing a cert chain together is:

-----BEGIN CERTIFICATE----- ASCII data for the SMG host CERTIFICATE -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ASCII data for the Intermediate CERTIFICATE -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ASCII data for the Root CERTIFICATE -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- ASCII data for the private key used to generate the SMG certificate -----END RSA PRIVATE KEY-----

Addendum:

You may not need every part of the cert chain:

Root and intermediate certificates might already exist in the Certificate Authority tab
- To verify if the root certificate is already in the SMG: Go to Administration > Certificate Authority and look for the certificate.
Intermediate certificates might not be needed (rare), or there might be more than one intermediate certificate needed (uncommon)
The private key is needed only if you did not create the CSR or the self-signed certificate in the SMG itself

Feedback

thumb_up Yes

thumb_down No