Preparing a self-signed TLS certificate for import

A self-signed TLS certificate intended to be imported into Kaspersky Secure Mail Gateway must meet the following requirements:

• The certificate file must have a unique name in the list of certificates used in Kaspersky Secure Mail Gateway.
• The certificate file and the private key file must be in PEM format.
• The key length must be 1024 bits or longer.

By way of an example, below are instructions on how to prepare for import the self-signed TLS server certificate server_cert.pem, whose private key is contained in the key.pem file.

To prepare a self-signed TLS certificate for import into Kaspersky Secure Mail Gateway:

1. In the private key file, remove the password (if any) for accessing the certificate. To do so, execute the command:

   # openssl rsa -in <name of the private key file>.pem -out <name of the private key file with the password removed>.pem

   For example, you can execute the following command:

   # openssl rsa -in key.pem -out key-nopass.pem

2. Combine the private key and the server certificate in a single file. To do so, execute the command:

   % cat <name of the private key file with the password removed>.pem <name of the server certificate>.pem <name of the server certificate after the files were combined>.pem

   For example, you can execute the following command:

   % cat key-nopass.pem server_cert.pem > cert.pem

The self-signed TLS certificate (for example, cert.pem) is ready for import into Kaspersky Secure Mail Gateway.

See also Using the TLS protocol in the operation of Kaspersky Secure Mail Gateway About using the TLS protocol in the operation of Kaspersky Secure Mail Gateway Configuring TLS security for Kaspersky Secure Mail Gateway in Server role Configuring TLS security for Kaspersky Secure Mail Gateway in Client role Creating a TLS certificate Deleting a TLS certificate Preparing to import a TLS certificate signed by a certification authority Importing the TLS certificate from file

Page top