01-03-2018 02:43 PM - edited 03-08-2019 07:30 PM
I have 4 ESA's that each have their own certificate for doing TLS. We last renewed our certificates through Symantec and they gave us the new signed certs as well as an intermediate cert we added as well in the GUI looked like:
Issued To
Common Name (CN): Symantec Class 3 Secure Server CA - G4
Organization (O): Symantec Corporation
Organizational Unit (OU): Symantec Trust Network
Serial Number: 513FB9743870B73440418D30930699FF
Issued By
Common Name (CN): VeriSign Class 3 Public Primary Certification Authority - G5
Organization (O): VeriSign, Inc.
Organizational Unit (OU): (c) 2006 VeriSign, Inc. - For authorized use only
Issued On: Oct 31 00:00:00 2013 GMT
Expires On: Oct 30 23:59:59 2023 GMT
Now Digicert has taken Symantec's cert business. They sent us our new individual cert's as well as the following certificates:
DigiCert Global G2.cer
DigiCert Global Root CA.cer
DigiCert Global Root G3.cer
DigiCertGlobalCAG2.cer
DigiCertGlobalCAG3.cer
DigiCertECCSecureServerCA.cer
DigiCertSHA2SecureServerCA.cer
Do I need to do anything with these? I'll admit I am not real strong on the crypto stuff.
01-03-2018 10:29 PM
Hi,
Depending on which certificates you would like to use (Symantec or Digicert) you would need to install the correctly chained certificates under Network -> Certificates and then apply them on the ESA.
Regards,
Libin Varghese
01-10-2018 11:40 AM
Hi Tony, the Digicert root certs should already be in place on your ESAs. In addition to your renewed cert, you should only need to add the intermediate cert, which is the last one on your list, DigiCertSHA2SecureServerCA.cer.
Once installed, you can verify if they are correct using checktls.com.
Hope this helps.
Jerry
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide