Preparing a self-signed TLS certificate for import

A self-signed TLS certificate intended to be imported into Kaspersky Secure Mail Gateway must meet the following requirements:

• The certificate file must have a unique name in the list of certificates used in Kaspersky Secure Mail Gateway.
• The certificate file and the private key file must be in PEM format.
• The key length must be 1024 bits or longer.

By way of an example, below are instructions on how to prepare for import the self-signed TLS server certificate server_cert.pem, whose private key is contained in the key.pem file.

To prepare a self-signed TLS certificate for import into Kaspersky Secure Mail Gateway:

1. In the private key file, remove the password (if any) for accessing the certificate. To do so, execute the command:

   # openssl rsa -in <name of the private key file>.pem -out <name of the private key file with the password removed>.pem

   For example, you can execute the following command:

   # openssl rsa -in key.pem -out key-nopass.pem

2. Combine the private key and the server certificate in a single file. To do so, execute the command:

   % cat <name of the private key file with the password removed>.pem <name of the server certificate>.pem <name of the server certificate after the files were combined>.pem

   For example, you can execute the following command:

   % cat key-nopass.pem server_cert.pem > cert.pem

The self-signed TLS certificate (for example, cert.pem) is ready for import into Kaspersky Secure Mail Gateway.