Messaging Gateway

 View Only

  • 1.  SBG 7.7 certificate error

    Posted Nov 10, 2008 10:03 AM

    We finally moved SBG 7.7.0-17 into prod this weekend, discontinuing our old SMS SMTP 5.0.1. I revoked the Verisign SSL cert from SMS and reissued it with a CSR from SBG. It imported fine and shows up under Certificates settings correctly. However, when I try to select it under Control Center settings, I receive the error: "Cannot build a trusted certificate chain for the certificate. Please make sure that you have added all the necessary CA certificates."

     

    ?



  • 2.  RE: SBG 7.7 certificate error
    Best Answer

    Posted Nov 10, 2008 12:16 PM

    Thanks to Symantec support for the quick resolution:

     

    Apparently SBG doesn't ship with the latest Intermediate CA cert from Verisign. To get a Verisign cert working properly, an updated Intermediate CA cert needs to be imported into Administration --> Certificates --> Certificate Authorit. These certs are publically available for download from Verisign; in my case, I chose the one for a Non-EV Secure Site Certificate.

     

    Hope that helps someone else



  • 3.  RE: SBG 7.7 certificate error

    Posted Nov 18, 2008 07:08 AM
    Is it free ? I looked at Verisign but there is no free certificate.


  • 4.  RE: SBG 7.7 certificate error

    Posted Nov 18, 2008 08:57 AM

    i'm referring specifically to an Intermediate Certificate, which is now required in addition to a regular SSL certificate. The Intermediate CA is free, the regular cert is not.

     

    https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657



  • 5.  RE: SBG 7.7 certificate error

    Posted Nov 19, 2008 10:58 AM

    doni thanks for information but i need more help.

    I got the certificate and go to Administration / Certificates /Certificate Authority i can make update but at Control Center / Certificate User interface HTTPS certificate:there is only demo certificate.

    I also tried to make an import at TSL&HTTPS Certificates page but it gives an error "No stored certificate request matches this certificate"

    Sorry i don't understand anything about certifiacetes ,what will i do



  • 6.  RE: SBG 7.7 certificate error

    Posted Nov 19, 2008 11:53 AM

    Assuming you're looking to use a Verisign SSL certificate, let's start from the beginning. The first thing you need to do it create a new CSR (certificate signing request) in SBG. You then need to buy a certificate from Verisign and provide them this CSR in the process. They will then email you the actual cert (which they formulate based on the CSR) and you will import it into SBG. At that point it will appear in Control Center as an available cert. You will ALSO have to get the Intermediate CA I mentioned above and import that in SBG.

     

    1. Under Administration --> Certificates --> TLS & HTTPS Certs, click Add.

    2. Change the certificate type to Certification Authority Signed

    3. fill out the rest, click Request, copy the code of the request as indicated.

    4. Go to verisign.com, buy an SSL cert and paste the CSR code when asked

    5. After Verisign emails you the cert within 2 biz days, go back to TLS & HTTPS Certs in SBG and import it

    6. Go to verisign.com and download the correct Intermediate CA from the link I provided

    7. In SBG, go to Admin --> Certs --> Certificate Authority, click Update to upload the Intermediate CA

    8. In Control Center, select your new cert

     

    Please let us know if that clarifies things. Thanks



  • 7.  RE: SBG 7.7 certificate error

    Posted Nov 19, 2008 12:11 PM
    thanks for your big support i understand it now.I have to buy a certificate.