Gateway

Certificate Signing Request

NOTE: This feature is only available with Hermes SEG Pro License.

In this section, you can generate a Certificate Signing Request (CSR) that you can send to a Certificate Authority (CA) in order to generate a certificate. In addition to the CSR, Hermes SEG will also create the associated private key.

  1. Under the Country Name field, enter the two-letter code of the country, for instance, for the United States enter US.
  2. Under the State or Province Name field, enter the full name of the state or province, e.g., Texas.
  3. Under the Locality Name field, enter the full name of the locality or city, e.g., Houston.
  4. Under the Organization Name field, enter the name of the organization or company, e.g., Widgets, Inc.
  5. Under the Organizational Unit Name field, enter the Organization Unit or department, e.g., IT Department.
  6. Under the Common Name field, enter the domain you want to secure. For example, if you want to secure www.domain.tld, you would simply enter domain.tld. Common names should not include http or https or www. Alternatively, if you want to secure the domain secure.domain.tld, you would simply enter secure.domain.tld. If you want to create a wildcard certificate CSR for the domain domain.tld, you would simply enter *.domain.tld.
  7. Under the Certificate Encryption Length field, select the appropriate length (4096-bits is recommended).
  8. Under the Secure Hash Algorithm field, select the appropriate hash (SHA-512 is recommended). Note that this particular setting may NOT be respected by the issuing CA. Some CAs will default to SHA-256.
  9. Click the Create Certificate Request button (Figure 1).

Figure 1


  10. After you click the Create Certificate Request button, the system will generate a .RAR archive file containing the CSR and the associated private key, and it will provide a link at the bottom of the page to download the file (Figure 2).

Figure 2


Figure 3


  11. Extract the archive to a directory of your choice. The extracted contents will be two files: the CSR, named XXXXXXXX.csr.txt, and the private key, named XXXXXXXX.key.txt, where XXXXXXXX is a random system-generated name (Figure 4).

Figure 4


  12. Ensure you keep the private key file in a safe place, and submit ONLY the contents of the CSR file to the Certificate Authority of your choice. Once the CA generates a certificate, you are going to need the private key to go along with the certificate.

SMTP TLS Settings

NOTE: This feature is only available with Hermes SEG Pro License.

By default, SMTP TLS support in Hermes SEG is disabled. In this section you can enable Hermes SEG TLS support as well as install the required certificates and private key in order to make it work.

Hermes SEG supports two SMTP TLS methods:

SMTP TLS Available

In this mode, any time a remote SMTP server makes a connection, Hermes SEG announces that it supports STARTTLS; however, it does not require TLS encryption. This mode is the recommended mode if you need TLS encryption.

SMTP TLS Required

In this mode, any time a remote SMTP server makes a connection, Hermes SEG announces STARTTLS and it will NOT accept email without TLS encryption. This mode should NEVER be used on a public-facing Hermes SEG.

In order to enable any of the SMTP TLS methods, you will need PEM encoded certificates and an unencrypted Private Key.

A PEM encoded certificate is a human-readable certificate that starts with:

-----BEGIN CERTIFICATE-----

and ends with

-----END CERTIFICATE-----

An unencrypted Private Key starts with:

-----BEGIN PRIVATE KEY-----

and ends with

-----END PRIVATE KEY-----

 

1. Certificate

  1. Under the SMTP TLS Settings section, ensure you select either SMTP TLS Available or SMTP TLS Required. Once you make the selection, the Paste Contents of Certificate, the Paste Contents of Unencrypted Key and the Paste Contents of Root and Int CA Certificate fields will become enabled (Figure 1).

Figure 1


  2. Open your PEM encoded certificate with a text editor and select and copy the entire contents of the file, including the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines.
  3. Under the Paste Contents of Certificate field, delete the existing contents so you are left with an empty field (if applicable).
  4. Paste the contents of the file you copied from Step 2 into the empty Paste Contents of Certificate field (Figure 2).

Figure 2


2. Unencrypted Key

  1. Open your unencrypted key with a text editor and select and copy the entire contents of the file, including the -----BEGIN PRIVATE KEY----- and the -----END PRIVATE KEY----- lines.
  2. Under the Paste Contents of Unencrypted Key field, delete the existing contents so you are left with an empty field.
  3. Paste the contents of the file you copied from Step 1 into the empty Paste Contents of Unencrypted Key field (Figure 3).

Figure 3
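
A pre-flight check for the two copy-and-paste steps described above (submitting ONLY the CSR to the CA, and pasting the certificate and unencrypted key into the SMTP TLS fields). This is an added example, not part of Hermes SEG or its documentation. The destination names, `check_paste` and `sample_pem` are hypothetical, and the sample PEM bodies are constructed filler rather than real keys or certificates.

```python
import base64
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Labels each destination accepts. Destination names are hypothetical.
ACCEPTED = {
    "ca_submission": {"CERTIFICATE REQUEST"},
    "certificate": {"CERTIFICATE"},
    "unencrypted_key": {"PRIVATE KEY"},
    "ca_chain": {"CERTIFICATE"},
}

def pem_blocks(text):
    """Return (label, encrypted, der_ok) for every complete PEM block."""
    out = []
    for label, body in PEM_RE.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # e.g. Proc-Type, DEK-Info
        b64 = "".join(ln for ln in lines if ":" not in ln)
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            h.replace(" ", "").upper() == "PROC-TYPE:4,ENCRYPTED" for h in headers)
        try:
            # Unencrypted keys, CSRs and certificates are DER SEQUENCEs (0x30).
            der_ok = base64.b64decode(b64, validate=True)[:1] == b"\x30"
        except ValueError:
            der_ok = False
        out.append((label, encrypted, der_ok))
    return out

def check_paste(destination, text):
    """List problems with sending `text` to `destination`; [] means it passes."""
    blocks = pem_blocks(text)
    if not blocks:
        return ["no complete BEGIN/END block found"]
    problems = []
    for label, encrypted, der_ok in blocks:
        if "PRIVATE KEY" in label and destination != "unencrypted_key":
            problems.append("private key material must not go to " + destination)
        elif label not in ACCEPTED[destination]:
            problems.append("unexpected block type: " + label)
        if encrypted:
            problems.append("private key is encrypted")
        elif not der_ok:
            problems.append("body of " + label + " is not valid base64 DER")
    return problems

def sample_pem(label, headers=""):
    """Constructed sample: DER-looking filler bytes, not a real key or certificate."""
    body = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(range(60))).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"
```

The check is structural only: it does not confirm that the private key belongs to the certificate or that the certificate chains to the pasted CA certificates.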