Adding an existing certificate to an ESA

RSteveKadish
Level 1

Hi all,

I have a problem.  We bought two certificates from Verisign for our two ESAs, but when I clustered the ESAs one of the certificates was wiped out.  Verisign provides the certificate in either a PKCS #7 or X.509 format.  In order to add it back to the ESA, I need to convert it to PKCS #12, or use certconfig.  But how am I supposed to get the private key??? 

Do I need to just create a new CSR and have Verisign reissue the certificate?

Any help I can get would be appreciated. 

Thanks,

- Steve

Accepted Solutions

Jeronimo Orona
Level 1

Hello Steve,

The ESA certificate process that you will need to follow depends on how your CSR was generated.

- If you did not generate the CSR on the IronPort appliance, you will need to ask your CA for a PKCS#12 formatted certificate. The PKCS #12 format is the only file format that can be used to export a certificate and its private key (pulled from the CSR you provided to your CA). This file can then be imported via the IronPort 'Certificates' GUI page.

(GUI: Network > Certificates > Add Certificate > Import Certificate).

- If you used the IronPort's CSR generation process, the private key remains on the IronPort. Ask your CA for an X.509 (PEM) formatted certificate and import that via the IronPort page of the previously generated CSR/certificate.

(GUI: Network > Certificates > click on the certificate name you chose when the CSR was generated > Upload Signed Certificate).

You also add any Intermediate Certificate your CA provides, on the same page.

If you are not sure who generated the CSR, you should indeed issue a new CSR and send that to your CA. The following Knowledge Article documents the complete process.

http://tinyurl.com/32wdqe4

Regards,

-Jerry Orona
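
An added example, not part of the original posts or of Cisco's documentation: for the case where the CSR was generated off the appliance and the private key file is still held locally, this script unpacks the CA's PKCS #7 reply, checks that the key and certificate carry the same public key, and only then builds the PKCS #12 file for import. Function names, file names and the P12_PASS variable are assumptions, and the key is assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example; function names, file names and P12_PASS are assumptions.

# p7b_to_pem IN.p7b OUT.pem: unpack the certificates from a PEM-encoded PKCS #7 reply.
p7b_to_pem() {
    openssl pkcs7 -in "$1" -print_certs -out "$2"
}

# key_matches_cert KEY.pem CERT.pem: succeed only if both carry the same public key.
# The PEM public keys are compared as text, so a failed openssl call can never
# produce two equal (empty) digests and pass as a match.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_p12 KEY.pem CERT.pem OUT.p12 [CHAIN.pem]
# Bundles key, certificate and optional intermediates; the export password is
# read from the environment variable P12_PASS so it stays off the command line.
make_p12() {
    if ! key_matches_cert "$1" "$2"; then
        echo "refusing to bundle: private key does not match certificate" >&2
        return 1
    fi
    old_umask=$(umask); umask 077        # the output contains the private key
    if [ -n "${4:-}" ]; then
        openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$4" \
            -out "$3" -passout env:P12_PASS
    else
        openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:P12_PASS
    fi
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# Stand-alone use: sh make_p12.sh esa.key esa.pem esa.p12 [chain.pem]
if [ "$#" -ge 3 ]; then
    make_p12 "$@"
fi
```

If the key check fails, no PKCS #12 file is written; that is the signal that the certificate was issued for a different key pair.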

Hi Jerry,

Thanks very much for replying.  The CSRs were generated using the IronPort.  The difficulty lay in the fact that the certificate was overwritten when I clustered the appliances.  Therefore the option to upload the signed certificate wasn't available.

I've already had new certificates issued by Verisign to resolve the problem.

Thanks,

- Steve