How to create Ironport Cert for User Spam Quarantine

Brannon Vaughan · ‎07-15-2013

I can download the self signed cert and it puts it in a .pem format. I want to have my Domain Cert Server publish this to my users. I've never used a .pem file before....

Stephan Bayer · ‎07-16-2013

Hi,

You may have to convert the certificate after it is signed.

There are 3rd party sites such as

https://www.sslshopper.com/ssl-converter.html that will convert the certificate to pem for you.

Once it is signed, you can upload it back via the GUI.

GUI> Network > Certificates > Open your certificate > Upload signed certificate

Commit changes.

If this helps, please mark the question as answered in the forums by using the star rating system.

Thank you !

Stephan

Ken Stieers · ‎07-16-2013

Generally the MS cert server can't distribute a third party cert like this one, you have to use Group Policy. And you don't don't have to download/convert it, you can do it with IE...

On a machine with the Group Policy tools installed (eg your administrative machine), browse to the quarentine web site, make sure you get the cert error in the browser, click through it.

Click on the cert error in the browser bar and view the cert, go to the Details tab and click Copy to File, save it as a Base64 X-509 file...

Then create a new gp, or open one that all of your workstations get, and go to Computer Configuration> Policies>Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities.

Right click an select "Import"

It should go to the Trusted Root Certification Authorities store.

Give it time to replicate, policy applied etc...

The other direction to go is have you enterprise cert authority issue a new cert and upload that to the WSA...