
How do I use a GoDaddy wildcard cert on my email appliance?

I have an email appliance with a self-signed certificate. Everything has been running fine. But now I have a customer who we cannot get emails from because their server rejects the self-signed cert. I have a wildcard SSL cert I purchased from GoDaddy that I have used on a couple of Windows servers, but I am not sure in what format to download it, since this is not a Windows server. My options are: Apache, Exchange, IIS, Mac OS X, Tomcat, and other. I have read it needs a .pem format, but certs are something I don't usually go into and I am a little gun-shy, so to speak. Or will I need to convert the cert to that format with a conversion tool? Any ideas would be appreciated.



This thread was automatically locked due to age.
  • Don't know if you resolved this by now, but I use a GoDaddy cert with my appliance. I use the same UCC cert on my Exchange farm as on the Sophos appliance, so I import to IIS on Exchange and then export to PFX. I use openssl to carve it up into pieces and then copy and paste the text into a .pem that Sophos needs. Here are my dirty notes I have:

     

    • Import into an IIS server
    • Export Cert with private key from IIS (PFX)
    • Using OpenSSL (readily available on many Linux distributions) run the following commands:
    • Export the private key file from the pfx file:
      • openssl pkcs12 -in filename.pfx -nocerts -out key.pem
    • Export the certificate file from the pfx file:
      • openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
    • Remove the passphrase from the private key (guard this file as it is all an attacker needs to render your certificate useless):
      • openssl rsa -in key.pem -out server.key
    • Using a text editor, copy the information from the files created in step 3 and then 2 to create a .pem file. Make sure you save it using Windows format from gedit if using Linux. It should look like a huge perfect square and not one or two long contiguous lines of text. See format example below.
    • Import file on Sophos appliance and assign services to it. It will take a few minutes for the appliance to start using the new cert so be patient.
      .pem format example:

    -----BEGIN RSA PRIVATE KEY-----
    private key
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    the server certificate
    -----END CERTIFICATE-----

     

    HTH
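
The combined .pem described in the answer above can be checked before it is uploaded. This is an added example, not part of the original post or any Sophos tooling: a Python lint for the key-then-certificate layout, 64-column wrapping, a leftover passphrase, and stray text outside the blocks. The names `lint_bundle` and `pem` and the sample data are constructed for illustration.

```python
import base64
import re

# The post's example shows "RSA PRIVATE KEY"; accepting the PKCS#8 label
# "PRIVATE KEY" as well is an assumption, not something the post states.
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def lint_bundle(text):
    """Return a list of problems found in a combined key + certificate PEM."""
    problems = []
    blocks = [(m.group(1), m.group(2)) for m in BLOCK.finditer(text)]
    labels = [label for label, _ in blocks]
    # Layout from the post: private key first, then the server certificate.
    if len(labels) != 2 or labels[0] not in KEY_LABELS or labels[1] != "CERTIFICATE":
        problems.append("expected key block then CERTIFICATE, found %s" % labels)
    for label, body in blocks:
        # Either marker means the passphrase-removal step was skipped.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
            problems.append("%s block is still passphrase-protected" % label)
            continue
        lines = body.split()
        if any(len(line) > 64 for line in lines):
            problems.append("%s block is not wrapped at 64 columns" % label)
        try:
            base64.b64decode("".join(lines), validate=True)
        except ValueError:
            problems.append("%s block is not valid base64" % label)
    # openssl pkcs12 writes "Bag Attributes" text before each block it exports.
    if BLOCK.sub("", text).strip():
        problems.append("text outside the PEM blocks, e.g. pkcs12 'Bag Attributes'")
    return problems

def pem(label, raw, width=64):
    """Build a PEM block from raw bytes (used only for the constructed samples)."""
    b64 = base64.b64encode(raw).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(rows), label)

# Constructed filler bytes, not a real key or certificate.
KEY = pem("RSA PRIVATE KEY", bytes(range(200)))
CERT = pem("CERTIFICATE", bytes(range(200, 256)) * 3)
GOOD = (KEY + CERT).replace("\n", "\r\n")  # Windows line endings, as in the post
BAD = "Bag Attributes\n    localKeyID: 01\n" + CERT + pem("RSA PRIVATE KEY", bytes(range(200)), 400)

if __name__ == "__main__":
    print("GOOD:", lint_bundle(GOOD))
    print("BAD:", *lint_bundle(BAD), sep="\n  ")
```

The lint checks structure only; it does not confirm that the private key belongs to the certificate.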
