Generate & Import An SSL Certificate Sonicwall


This article contains the steps required for generating a PKCS#12 file for import on an Email Security appliance.


The first step is to generate a private key which can be done either in Linux or Windows.

Generating a private key in Linux

Access terminal within a Linux box

Type in the following command (or paste)  The names of the CSR and privatekey (in italics) can be adjusted accordingly, but the file type needs to remain the same.

 openssl req -out my_csr.txt -new -newkey rsa:2048 -nodes -keyout privatekey.txt

Skip to Generating the PKCS#12 file.

Generating a private key in Windows

1. Go to and download the openssl-0.9.8h-1-setup.exe file.


2. Run the .exe and install to c:\openssl


3. After installation completes, copy and paste the following into a text editor and save as openssl.cnf to C:\openssl\bin

 NOTE: Edit the alt_names section to include any SAN names that are needed, no other sections need to be edited at this time

[ req ]

distinguished_name = req_distinguished_name

req_extensions = v3_req

[ req_distinguished_name ]

countryName = Country Name (2 letter code)

countryName_default = US

stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = Arizona

localityName = Locality Name (eg, city)

localityName_default = Phoenix

0.organizationName                       = Organization Name (eg, company)

0.organizationName_default      = Test Bed USA

organizationalUnitName = Organizational Unit Name (eg, section)

organizationalUnitName_default = IT

commonName = Common Name of device

commonName_default =

commonName_max = 64

[ v3_req ]

basicConstraints = CA:FALSE

keyUsage = nonRepudiation, digitalSignature, keyEncipherment

subjectAltName = @alt_names


DNS.1 =

DNS.2 =

DNS.2 =


4. Open a command prompt & type or copy/paste cd c:\openssl\bin


5. Type openssl and press Enter, then paste the following command at the next prompt and move on to Generating the PKCS#12 file.

req -new -newkey rsa:2048 -nodes -keyout privatekey.txt -out my_csr.txt -config openssl.cnf


Generating the PKCS#12 file

1. Enter the information appropriate to the organization


2. Once the information is entered, two files will be created and placed in the C:\openssl\bin directory, my_csr.txt and privatekey.txt. Save them in a secure location.

3. Submit the my_csr.txt file to a Certificate Authority.

4. Download the necessary intermediate and root certificates.

5. From the command prompt, navigate to the openssl application as noted above and type or copy/paste the following to convert to PFX.

openssl pkcs12 -export – certificate.pfx -inkey privatekey.txt – certificate.crt – certfile CACert.crt

 NOTE: Edit the command with the appropriate information: certificate.pfx is the name of the converted certificate, privatekey.txt is the file generated in step 2, certificate.crt is the certificate generated by the CA, CACert.crt are the intermediate certs generated by the CA

6. Alternately, the certificate converter on can be used

 CAUTION: Using the converter is not recommended due to exposure of the private key to the internet

Importing the PKCS#12 file to the ES appliance

1. Login into the appliance and navigate to System > Certificates > Generate/Import

2. Choose a certificate name

 TIP: Use the CA followed by the expiration date of the certificate; e.g. Comodo20181212

3. Go to the “Import an existing certificate” option. Choose the PKCS#12 file generated in the previous section, create a passphrase and enter the password for the PKCS#12 file (letters and numbers ONLY).

4. Click Generate/Import

5. Configure the certificate at System > Certificates > Configure

 NOTE: Successful configuration can be tested at

Source :