Cisco Cisco Email Security Appliance X1070 Troubleshooting Guide
Create a Certificate Signing Request on an ESA
Document ID: 119429
Contributed by Jerry Orona and Enrico Werner, Cisco TAC Engineers.
Jan 13, 2016
Contents
Introduction
Create a CSR on an ESA
Configuration Steps on the GUI
Related Information
Create a CSR on an ESA
Configuration Steps on the GUI
Related Information
Introduction
This document describes how to create a certificate signing request (CSR) on an Email Security Appliance
(ESA).
(ESA).
Create a CSR on an ESA
As of AsyncOS 7.1.1, the ESA can create a self-signed certificate for your own use and generate a CSR to
submit to a certificate authority and obtain the public certificate. The certificate authority returns a trusted
public certificate signed by a private key. Use the Network > Certificates page in the GUI or the certconfig
command in the CLI in order to create the self-signed certificate, generate the CSR, and install the trusted
public certificate.
submit to a certificate authority and obtain the public certificate. The certificate authority returns a trusted
public certificate signed by a private key. Use the Network > Certificates page in the GUI or the certconfig
command in the CLI in order to create the self-signed certificate, generate the CSR, and install the trusted
public certificate.
If you acquire or create a certificate for the first time, search the Internet for "certificate authority services
SSL Server Certificates" and choose the service that best meets the needs of your organization. Follow the
service's instructions in order to obtain a certificate.
SSL Server Certificates" and choose the service that best meets the needs of your organization. Follow the
service's instructions in order to obtain a certificate.
Configuration Steps on the GUI
In order to create a self-signed certificate, click Add Certificate on the Network > Certificates page
in the GUI (or the certconfig command in the CLI). On the Add Certificate page, choose Create
Self-Signed Certificate
in the GUI (or the certconfig command in the CLI). On the Add Certificate page, choose Create
Self-Signed Certificate
.
1.
Enter this information for the self-signed certificate:
Common Name - The fully qualified domain name.
♦
Organization - The exact legal name of the organization.
♦
Organizational Unit - Section of the organization.
♦
City (Locality) - The city where the organization is legally located.
♦
State (Province) - The state, county, or region where the organization is legally located.
♦
Country - The two letter International Organization for Standardization (ISO) abbreviation of
the country where the organization is legally located.
the country where the organization is legally located.
♦
Duration before expiration - The number of days before the certificate expires.
♦
Private Key Size - Size of the private key to generate for the CSR. Only 2048-bit and 1024-bit
are supported.
are supported.
♦
2.
Click Next in order to view the certificate and signature information.
3.
Enter a name for the certificate. AsyncOS assigns the common name by default.
4.