Cisco Cisco Email Security Appliance X1050 Troubleshooting Guide
Renew a Certificate on an Email Security
Appliance
Appliance
Document ID: 119004
Contributed by Stephan Bayer and Enrico Werner, Cisco TAC
Engineers.
Jul 07, 2015
Engineers.
Jul 07, 2015
Contents
Introduction
Renew a Certificate on the ESA
Update the Certificate Via the GUI
Update the Certificate Via the CLI
Related Information
Renew a Certificate on the ESA
Update the Certificate Via the GUI
Update the Certificate Via the CLI
Related Information
Introduction
This document describes how to renew an expired certificate on the Cisco Email Security Appliance (ESA).
Renew a Certificate on the ESA
If you have an expired certificate on your ESA (or one that will soon expire), you can simply update the
current certificate:
current certificate:
Download the Certificate Signing Request (CSR) file.
1.
Provide the CSR file to your Certificate Authority (CA) and request a Privacy−Enhanced Mail (PEM)
(X.509) signed certificate.
(X.509) signed certificate.
2.
Update your current certificate via one of the methods that are described in the sections that follow.
3.
Update the Certificate Via the GUI
In order to begin, navigate to Network > Certificates from the appliance GUI. Open your certificate and
download the CSR file via the link that is shown in the next image. If the ESA is a member of a cluster, you
must verify the other cluster member certificates and use the same method for each machine. With this
method, the private key remains on the ESA. The last step is to have the certificate signed by your CA.
download the CSR file via the link that is shown in the next image. If the ESA is a member of a cluster, you
must verify the other cluster member certificates and use the same method for each machine. With this
method, the private key remains on the ESA. The last step is to have the certificate signed by your CA.
Here is an example: