This article explains how to create a Certificate Signing Request (CSR) for an SSL certificate and then import the certificate to Symantec Encryption Management Server (previously PGP Universal Server).
Services such as clustering and web messenger use the SSL protocol and require a server-side SSL/TLS certificate, which includes the host name for the IP address of the server on which the service is running. To issue a certificate, the Certificate Authority needs information found in a certificate request. The steps below illustrate how to create the CSR and import the Signed Certificate to the Network Interface for Symantec Encryption Management Server (SEMS).
To generate a Certificate Signing Request (CSR)
- Log into the SEMS Administrative interface.
- Navigate to System > Network and click on the Certificates button at the bottom of the page.
- Click Generate CSR.
NOTE: You can also choose to generate a Self Signed Certificate if you do not intend to use an external Signing Authority.
- Type in the Fully Qualified Domain Name (FQDN) for the server (Example: keys.pgp.com)
- Type an email address in the Contact Email field.
- Type your organization's name in the Organization Name field.
- Type your organization's unit designation in the Organization Unit field.
- Type a city or locality, as appropriate, in the City/Locality field.
- Type a state or province, as appropriate, in the Province/State field.
- Type a country in the Country field.
- To generate a Certificate Signing Request (CSR), click Generate CSR. If you choose this option, the certificate appears on the Certificate page labeled 'Pending.' When the certificate has been validated and returned by the Certificate Authority (CA), import the certificate.
- The New SSL/TLS Certificate dialog box disappears. The certificate request is created with the settings you specified. The CSR dialog box appears, showing the certificate request.
- Copy the contents of the CSR dialog box to a file, then click OK.
- Submit this file to your Certificate Authority (CA).
- Once the CA approves and sends the certificate back to you.
- After you receive the certificate from the CA, import it as your SSL Certificate.
Importing the SSL Certificate
- Click the plus sign icon in the Import column of the pending certificate you are adding. The Add Certificate to Key dialog box appears.
- Paste the validated certificate file that was sent to you by the CA into the Certificate Block box.
NOTE: SEMS/PGP Universal Server accepts PKCS 12 and Apache formatted certificates.
- Click Save.
- The Add Certificate to Key dialog box disappears. The certificate is ready for inspection and can be assigned to an interface.