Sign In with your
Trend Micro Account

若您需要技術支援,請 按此建立案件。

Signed certificate created from DigiCert cannot be imported to InterScan Messaging Security Virtual Appliance (IMSVA)

    • 更新於:
    • 28 Apr 2023
    • 產品/版本:
    • 作業系統:

When trying to import the renewed SMTP and HTTPS Certificate into the Interscan Messaging Security Virtual Appliance (IMSVA), it returns the following message:

Unable to import the file. No matched private key can be found.

Normally, the Certificate Signing Request (CSR) is generated from the IMSVA console and signed on Digicert. However, when the CSR is generated from the IMSVA console, there is no private key included. The private key is required for successful import.


Instead of the IMSVA console, generate the CSR via the built-in openssl command inside the IMSVA CLI window. Below are the steps:

  1. Open the CLI of the IMSVA VM and login as root.
  2. Enter the following commands to generate the CSR with private key:
    openssl genrsa -out /tmp/<imsva_key>.pem 2048
    openssl req -new -key /tmp/<imsva_key.pem> -out /tmp/<imsva_req.pem>
  3. Fill out the required information during the process of creating the CSR. If successful, the sample output should be seen below:
    [root@imsva ~]# openssl genrsa -out /tmp/imsva_key.pem 2048
    Generating RSA private key, 2048 bit long modulus
    e is 65537 (0x10001)
    [root@imsva ~]#
    [root@imsva ~]# openssl req -new -key /tmp/imsva_key.pem -out /tmp/imsva_req.pem
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [AU]:DE
    State or Province Name (full name) [Some-State]:Bavaria
    Locality Name (eg, city) []:Munich
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Trend Micro
    Organizational Unit Name (eg, section) []:Global Training
    Common Name (e.g. server FQDN or YOUR name) []:imsva.course.test
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [root@imsva ~]#
  4. Use a third-party tool (WinSCP, Filezilla, etc.) to retrieve the two files from the /tmp/ folder: <imsva_key>.pem and <imsva_req>.pem.
  5. Send the <imsva_req>.pem to Digicert for signing.
  6. After the certificate has been signed, go back to the IMSVA console and import the certificate.

    IMSVA Console

    Click the image to enlarge.

  7. Upload both the signed certificate and private key. In addition, enter the password previously set under Step 2 and once done, click the Import button.

    Upload Cert

    Click the image to enlarge.

  8. Once successfully imported, the new certificate should be listed under the SMTP and HTTPS Certificates tab.



若您需要協助,請聯繫對應的技術支援窗口. 聯絡我們

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.