Open with table of contents

Create a TLS private key and Certificate Signing Request (CSR)

Before you can begin the process of obtaining a signed certificate, you must first create a private key, then a Certificate Signing Request (CSR) from the console on the Email Gateway.

  1. Connect to the Email Gateway using SSH.

    1. Enable network access for your computer to the Email Gateway using SSH (Secure Shell).
    2. From your computer, connect to the Email Gateway using an SSH utility such as PuTTY for Windows.
    3. At the login as prompt, type cs-admin.
    4. At the password prompt, type the cs-admin password that you created during the initial Email Gateway setup.

      The default cs-admin password is password.

    5. On the Clearswift Server Console menu, select Open Terminal Session, and then press OK.
    6. Re-enter your cs-admin password at the password prompt.
    7. At the $ prompt, type the following command:

      sudo su -

      Once you re-enter your cs-admin password at the password prompt, you can now enter commands with root privileges.

  2. Create the TLS private key.

    You now use the OpenSSL utility on the Email Gateway to create the TLS private key.

    • At the # prompt, type the following command:

      openssl genrsa -out emailgateway.key 4096 -sha256

    This command creates an RSA 4096-bit private key and stores it in the PEM-format file PEM (Privacy-Enhanced Mail) emailgateway.key.

     

    You must protect the private key file by storing it in a secure location.

    We recommend that you restrict access to the server so that only authorized server administrators have access to the private key file.

  3. Create the TLS Certificate Signing Request (CSR).

    You now use the OpenSSL utility on the Email Gateway to create the Certificate Signing Request (CSR).

    • At the # prompt, type the following command:

      openssl req -new -key emailgateway.key -out emailgateway.csr

    This command prompts for the following X.509 attributes of your digital certificate:

    This command creates a Certificate Signing Request and stores it in the PEM-format file emailgateway.csr.

    4. ClosedWhen you have finished

    You have now created a public/private key pair. The private key is used for decryption and must be stored locally on the Email Gateway. The public key (in the form of the Certificate Signing Request file), is used to register the certificate with the CA.

    File name Description
    emailgateway.key The private key file.
    emailgateway.csr The Certificate Signing Request file: it contains your public key.
    1. Move the CSR file to the /home/console directory on the Email Gateway server by typing the following command:

      mv emailgateway.csr /home/console

    2. Copy the CSR file securely from the Email Gateway server to a desktop computer.
  4. Save the CSR to your local machine.

    You can now use the open SSH session to copy your CSR for submission to your certificate authority (CA).

    1. Create a .txt file named emailgateway.txt on your computer.
    2. At the # prompt, type the following command:
      cat emailgateway.csr
      This outputs the CSR, starting with "begin certificate request" and ending with "end certificate request".
    3. Copy the output, including the begin and end markers, and paste it into the emailgateway.txt file.
    4. Save the .txt file, close it, and rename it to emailgateway.csr.

    5. See also...

© 1995–2018 Clearswift Ltd.