02-02-2012 12:32 PM
Is it better to run your internal root cert on the ironport or can I place a 3rd party (verisign, godaddy) cert on ironport? If it is better to use a 3rd party cert, how do I create the CSR (certificate signing request) on ironport?
02-02-2012 01:43 PM
Justin,
I suspect that a 3rd party cert is technically better, you're not exposing your internal root to accidental mishandling... but it's nice, since 1, you have it already, 2 (assuming an AD integrated Enterprise Root) your workstations already trust it.
The Ironport won't create a key request.
Get OpenSSL, and use that to do the following:
generate a private key 'openssl genrsa -out privkey.pem 2048'
generate a cert request 'openssl req -new -key privkey.pem -out cert.csr'
If you have to decrypt your private key 'openssl rsa -in privkey.pem -out deckey.key'
Upload the request to the SSL vendor, get your cert
Then upload the decrypted key and cert to the WSA.
Ken
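The key and request steps from the reply above, as an added example that is not part of the original thread: it runs the same two openssl commands non-interactively, then checks before upload that the key is unencrypted and that the CSR was built from that key. The host name wsa.example.internal and the function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example; wsa.example.internal and all function names are placeholders.

# Print the public key (PEM) that belongs to a private key file.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key (PEM) embedded in a certificate request.
pubkey_of_csr() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Succeed if the PEM key file is passphrase protected.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# csr_matches_key CSR KEY: succeed only if the request was built from KEY.
csr_matches_key() {
    a=$(pubkey_of_csr "$1") && b=$(pubkey_of_key "$2") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# make_request DIR CN: the genrsa and req steps, with -subj so nothing prompts.
make_request() {
    ( umask 077   # private key readable by its owner only
      openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null &&
      openssl req -new -key "$1/privkey.pem" -out "$1/cert.csr" -subj "/CN=$2" )
}

# preflight KEY CSR: returns 0 if ready, 2 if key encrypted, 1 on mismatch.
preflight() {
    if key_is_encrypted "$1"; then
        echo "key is encrypted: decrypt it with 'openssl rsa' first"; return 2
    fi
    csr_matches_key "$2" "$1" || { echo "CSR does not match this key"; return 1; }
    echo "ok: key is unencrypted and CSR matches it"
}

# Demo in a scratch directory (constructed input, nothing is uploaded).
work=$(mktemp -d) && make_request "$work" "wsa.example.internal" &&
    preflight "$work/privkey.pem" "$work/cert.csr"
rm -rf "$work"
```

The same public-key comparison works for the issued certificate by swapping the request command for `openssl x509 -in cert.pem -noout -pubkey`.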
02-02-2012 01:53 PM
So what if I would like to use our internal root cert. I still need to create a cert for ironport, right? Then upload our root cert, correct? That would complete the cert chain.
02-02-2012 02:08 PM
If you put your internal root and key on the ironport, you don't HAVE to create a cert for the ironport.
If you do issue a cert for the ironport, you'll upload the cert, the key, and the intermediate chain as a trusted root.
02-02-2012 02:21 PM
Do I place the enterprise root under the "HTTPS Proxy Settings" page or under the "Custom Root Authority Certificates" page? Both pages are located under Security Services->Https Proxy.
02-02-2012 02:28 PM
If you're using it as the only cert, then put it in the Edit HTTPS Proxy Settings page, just below where you tell it to generate a self-signed cert.
If you generated one off of your cert authority, you'd put the root cert chain in the Custom Root Authority Certificates. (I think...)
Hmm... I may have exported the cert with all of the certs in cert path and uploaded that.