By default, Kaspersky Secure Mail Gateway 2.0 MR1 uses a self-signed certificate automatically generated during cluster node deployment as the SSL certificate of the cluster node. When logging in to the application web interface with this certificate, the browser displays an insecure connection warning. For convenience and improved security, when using the web interface, you can replace the default certificate of the node with a certificate issued by a trusted certification authority.
To replace the SSL certificate of a cluster node, you will need the following files:
You can prepare the private key file and the certificate on your own, or alternatively you can obtain ready-to-use files from a certification authority.
Steps involved in replacing the SSL certificate of the cluster node and creating the private key and certificate files on your own
You will receive one of the following files from the certification authority:
Depending on the type of the file obtained at the previous step, do one of the following:
Steps involved in replacing the SSL certificate of the cluster node using private key and certificate files provided by a certification authority
The private key and certificates are provided as a PFX container (PKCS#12 format, PFX or P12 extension).
If your organization uses the Active Directory Certification Services service as the certification authority, use the Web Server template to create the certificate. Save the result as a certificate chain in the DER encoding.