When you receive your certificates from Digi-Sign there will be your site certificate (named yourdomain.cer) plus 2 others (UTN-USERFirst-Hardware.crt and
Digi-SignCADigi-SSLXp.crt or Digi-SignCADigi-SSLXs.crt), these 2 must be installed as a Trusted Certificate Authority [1] CA and Certificate Chain.
*** Install the SSL Certificate ***
On Ironport's operating system, Async 5.5, you can't install the SSL certificate via the GUI. You must login to the command line (CLI). You can SSH into the CLI and type the following command sequence:
ironport> certconfig
[]> setup
ironport output: paste cert in PEM format (end with '.'):
Copy and paste the .crt/.cer file, including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. If you're using windows, you may need to open this file with wordpad/notepad.
ironport output: paste key in PEM format (end with '.'):
Copy and paste the server.key.PEMunsecure file.
If you received an intermediate CA certificate, you need to perform an additional step:
ironport output: Do you want to add an intermediate certificate? [N]> Y
Copy and paste the contents of the intermediate CA certificate file here.
ironport>commit
Links:
[1] http://www2.digi-sign.com/certificate+authority