I have a problem. We bought two certificates from Verisign for our two ESAs, but when I clustered the ESAs one of the certificates was wiped out. Verisign provides the certificate in either a PKCS #7 or X.509 format. In order to add it back to the ESA, I need to convert it to PKCS #12, or use certconfig. But how am I supposed to get the private key???
Do I need to just create a new CSR and have Verisign reissue the certificate?
Any help I can get would be appreciated.
The ESA certificate process that you will need to follow depends on how your CSR was generated.
- If you did not generate the CSR on the IronPort appliance, you will need to ask your CA for a PKCS #12 formatted certificate. The PKCS #12 format is the only file format that can be used to export a certificate and its private key (pulled from the CSR you provided to your CA). This file can then be imported via the IronPort 'Certificates' GUI page.
(GUI: Network>Certificates>Add Certificate>Import Certificate).
- If you used the IronPort's CSR generation process, the private key remains on the IronPort. Ask your CA for an X.509 (PEM) formatted certificate and import that via the IronPort page of the previously generated CSR/certificate.
(GUI: Network>Certificates>click on certificate name you chose when CSR was generated>Upload Signed Certificate).
You also add any Intermediate Certificate your CA provides, on the same page.
If you are not sure who generated the CSR, you should indeed issue a new CSR and send that to your CA. The following Knowledge Article documents the complete process.
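
An added example, not part of the original thread and not Cisco/IronPort code: for the off-box CSR case, it assumes the CSR was generated with OpenSSL on another host and the key file is still there, checks that the key matches the CA-issued certificate, and only then bundles both into a PKCS #12 file for the Import Certificate page. All file names, the subject name and the passphrase are constructed, and a throwaway self-signed certificate stands in for the CA's reply.

```shell
#!/usr/bin/env bash
# Added example. Requires the openssl CLI; every file name here is hypothetical.
set -eu

# SHA-256 of the public key in a PEM certificate (first certificate in the file).
cert_pub_hash() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a PEM private key.
key_pub_hash() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Unpack a PEM-encoded PKCS #7 bundle into PEM certificates.
# A PKCS #7 certificate bundle holds certificates only, never the private key.
p7_to_pem() { openssl pkcs7 -in "$1" -print_certs -out "$2"; }

# Build a PKCS #12 file, refusing to bundle a key that does not match the certificate.
# Args: key.pem cert.pem out.p12 passphrase-file
make_p12() {
  if [ "$(key_pub_hash "$1")" != "$(cert_pub_hash "$2")" ]; then
    echo "private key does not match certificate" >&2
    return 1
  fi
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "file:$4"
}

# Constructed demo: self-signed certificate in place of the CA-issued one.
demo() {
  d=$(mktemp -d); umask 077   # keep key, passphrase and .p12 private to this user
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=esa1.example.test" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
  openssl crl2pkcs7 -nocrl -certfile "$d/cert.pem" -out "$d/cert.p7b"
  printf '%s\n' 'constructed-passphrase' > "$d/pass.txt"
  p7_to_pem "$d/cert.p7b" "$d/from_p7.pem"
  make_p12 "$d/key.pem" "$d/from_p7.pem" "$d/esa1.p12" "$d/pass.txt"
  echo "$d/esa1.p12"
}
demo
```

If the hashes differ, the key on hand belongs to a different CSR and the certificate cannot be used with it.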