Janu
ary 201
9
Legrand PDU User Guide 529
For Legrand PDU, if any required certificate is missing, a certificate error message similar to the following is
shown on the Legrand PDU web interface.
It is NOT recommended to upload the server certificate to the receiver except when it is a self-signed
certificate. Using self-signed server certificates is also not recommended and may not even work in all cases.
Order of the chain in the certificate file:
The order of a certificate chain's content in the certificate file uploaded to the receiver must look like the
following.
The top is the final intermediate certificate of the chain "B" if you have to upload a partial chain.
The bottom is always the root certificate "A".
When copying multiple certificates to a single file, make sure you also copy the lines of BEGIN
CERTIFICATE and END CERTIFICATE from each certificate.
Illustration - GMAIL SMTP Certificate Chain
If you will apply your company's SMTP service to Legrand PDU, ignore this GMAIL illustration topic.
Simply contact your IT department to retrieve the appropriate certificate (chain) file and upload it to the
Legrand PDU.
This section illustrates the upload of a TLS "root" certificate for using the "gmail.com" SMTP service.
Unlike normal TLS websites, where you can easily find its server certificate by using a Web browser, the
method to find an SMTP server's certificate is more difficult, which requires appropriate tools and sufficient
technical knowledge. For example, you may have to use the openssl command as illustrated below to
retrieve the certificate of the GMAIL SMTP server.
Step 1 -- Find the certificate(s) the SMTP server has:
1. Issue the following command in the appropriate command line application.
In the following example command, we assume the server "smtp.gmail.com" provides the SMTP
service. You can change the server name, port number, command or even the tool as needed.
openssl s_client -showcerts -connect smtp.gmail.com:465
Alternative: To view the certificate chain instead of all certificates, you can remove the "-showcerts"
option from the above command.
2. Information that shows the certificates the SMTP server has is displayed.
.