Email: Generating and importing a CA signed certificate
- Article Number: 000006458
- Products: Forcepoint Email Security, TRITON AP-EMAIL
- Version: 8.5, 8.4, 8.3
- Last Published Date: July 24, 2020
Notes & Warnings
Note To Instead generate a Certificate Signing Request (CSR) utilizing Microsoft Internet Information Services (IIS), see Email SSL/TLS Certificate from a Third-Party Certificate Authority (CA)
How do I generate and import a CA signed certificate for TLS with Forcepoint Email Protection products (such as Forcepoint Email Security or TRITON AP-EMAIL)?
From the Forcepoint management server, as an Administrator, launch a command prompt and navigate to the ‘C:\Program Files (x86)\Websense\EIP Infra\apache\bin’ folder .
Note: This DNS.hostname should be the same name used in your 'FSM > Settings > System Settings > Fully Qualified Domain Name (FQDN)' (also known as the HELO/EHLO name) and should resolve both the Forward (A Record) and Reverse (PTR Record) DNS lookup records to the same Public IP address to ensure recipient mail servers can fully verify your mail server's identity.
Example data follows:
C:\Program Files (x86)\Websense\EIP Infra\apache\bin> openssl req -new -key tls.key -out certificaterequest.csr
Enter pass phrase for tls.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) :Texas
Locality Name (eg, city) [Default City]:Austin
Organization Name (eg, company) [Default Company Ltd]:Contoso
Organizational Unit Name (eg, section) :IT Dept
Common Name (eg, your name or your server's hostname) :mail.contoso.com
Email Address :firstname.lastname@example.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
C:\Program Files (x86)\Websense\EIP Infra\apache\bin>
ESG - How to create .pfx with full certificate chain
Keywords: certificate; tls; ssl; vulnerability; fsm; smtp connection; email relay configuration; import certificate; openssl