Cross-sign your CA certificate with the CSR file provided by Trend Micro for use by the cloud Gateway.
The internet access service allows administrators to cross-sign your organization's own CA certificate with the Certificate Signing Request (CSR) file provided by Trend Micro, and upload the cross-signed certificate on the Trend Micro Vision One management console. Cross-signing the CA certificate establishes a trusted relationship between the Trend Micro CA certificate and your organization's own CA certificate.
Your organization's CA certificate and the corresponding CA private key and its passphrase are already available.
The Path Length Constraint in your organization's CA certificate is set to None, so that there is no restriction on the CA certificates down in the hierarchy.
The administrator has a basic knowledge of openssl commands.
The names of the folders and files created in this section are user customizable.
000a
-----BEGIN CERTIFICATE REQUEST----- MIIEwjCCAqoCAQAwfTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQH DAJDVTEUMBIGA1UECgwLVHJlbmQgTWljcm8xDTALBgNVBAsMBFRNV1MxLzAtBgNV BAMMJlRyZW5kIE1pY3JvIFdlYiBTZWN1cml0eSBDbG91ZCBSb290IENBMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuHcSU43KYws7UxoyfH8RcnaO0cr/ HETn3npjrKxWy3+L8/RSPg/KjUgZhVIqcYgef40rsNoNrM67UwdRxlDpr7qKT47P ZFaIwMCpfqPFHYvnz7JlcomfeY576ksnMZ87X7ThK3ZqXAuuTUHeDUXep9QAWmPM Jwq15xGfPf28AR8jEfF8V0xbFHbyMYQyKpzbPDUGAgiLgKGiDsYkEpi65FfOGNKH jauQ+s1BlO/j9MLtp2Jf9me27iSyluD+ATo93a7Z3vlHBIyazENhPG7yJa971DBy 8FUhKWrrn1Nv2VBCT+4bVpKAvoIqhbFFytBcTRfq0dRMPmiB9ug2BjxDry5Uucko 8jMT2aN96M+Jm5Rlaq9W/ci7jkVgwDAAPtGDum8Eyxt38CRkmfFcMpXMOnPBdaDc vTXwIU+TSd2g8nJqHlD19Ijb1QuoRzA+45ByparF5/1QvPhd9nHKBUN+foNZJXBX dKBPtycjjL+8zeS3KXA2qo5gn2B6BOsG67O4/4uAEqEB7WsLpdCaKk4zrA5fiNyB arRsXY6ueuEnwkupxyswldzihj2/HNZtdk1pZQo9PIUe4PmuSoBJxvQwyBJ+AI9h OJ6UpTsS/UX9ei0z87ZBiLKPh4zUjZtPzI4UQErv3QigG/v+fnMmhEAOY0lTQfpq WoBsADZyLwzpZh0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQCM/LyutXY4wDst LAO2W/xJIkG6+gT5Y++Yql7xoCuHvpr4sNGOuT3tY1XAiWLu86fQTLO5m70MzVYq 14fcAYhRzzv1WJNbzAxzSzagV5J01l9LsfRA8z1gBvFUfN4PmGoUfkx2pAFFPDt2 BOyZX/3TcZ8V/icRrhK36CZq8jMr2YMsA7zG3OVOLtYFZBa0JICcp9SWCc/6M4DG Rn2uNKMA69qq+xI1OkfcYxcxNf/Wlhwh7OEUVVyaeSglo/QFnq0TTmxxkWEpIsd8 B5TB9vUAS+al7jkKtpSVYR9Z2i6lPhN8AZrNkBsqI1MNtq5+CPo2+WPH9gTwuC+J 5Wu6UtrIUEatYuWUSGHNcDO6tmoxyLmE4g/AeyFERS5s6zUO7WRXJ5inYzr3JZAM 1B3sJo957ue7PofHw5bIZKqc46uUaVJJD+G19MuAR1QOSfvqvXDVUsYliy5h6P+e p5JICIe/5j8xyb273s7GVEbpMz2ZvvNaZDwCcMWL1S7zohw4wH7jzml0X2kr0oYs vpcNfoug/4IKj8Y2PVMYJwJadXOGFZGo+L7YOI5Cb4+4pzhH8+TetXSzEEMkozW9 4j7W64EfOZwaBv1XLqOwS3UoHTtB1ewsYoC2cyrJ6ypTqyPrGtbFnFYy2zmruLjA AFd65jMhNeeACg8sqfsfFOSmSluQ1A== -----END CERTIFICATE REQUEST-----
[ca] default_ca = rootca [crl_ext] #issuerAltName=issuer:copy #this would copy the issuer name to altname authorityKeyIdentifier=keyid:always [rootca] new_certs_dir = newcerts unique_subject = no certificate = root.cer #Your organization's CA certificate database = certindex private_key = root.key #Your organization's CA private key serial = serialfile default_days = 3660 #Should be at least two years from the date of cross-signing default_md = sha256 #sha256 is required. policy = myca_policy x509_extensions = myca_extensions [ myca_policy ] countryName = supplied stateOrProvinceName = supplied localityName = supplied organizationName = supplied organizationalUnitName = optional commonName = supplied emailAddress = optional [ myca_extensions ] #These extensions are required. basicConstraints = CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always keyUsage = keyCertSign, cRLSign
A cross-signed certificate named 0A.pem is generated under folder newcerts.