Cisco Email Security Appliance C680 User Guide

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 18: Data Loss Prevention
RSA Enterprise Manager
Procedure

Step 1  Open a command prompt on the Enterprise Manager server.

Step 2  Change to C:\Program Files\RSA\Enterprise Manager\etc.

Step 3  Run the following command (entered as a single line):

"%JAVA_HOME%/bin/java" -cp ./emcerttool.jar com.rsa.dlp.tem.X509CertGenerator -clientservercasigned -cacn <NAME OF CA PROVIDED DURING INSTALL> -cakeystore catem-keystore -castorepass <PASSWORD FOR CA PROVIDED DURING INSTALL> -cn <DEVICE_CN> -storepass <DEVICE STORE PASSWORD> -keystore <NAME OF DEVICE STORE>

Note: The common name of the certificate must be the hostname of the Email Security appliance. If Enterprise Manager manages the connected Email Security appliances at the group or cluster level, each appliance requires a certificate with a Common Name that matches the hostname of that appliance.

A sample command may look like the following:

"%JAVA_HOME%/bin/java" -cp ./emcerttool.jar com.rsa.dlp.tem.X509CertGenerator -clientservercasigned -cacn emc-cisco -cakeystore catem-keystore -castorepass esaem -cn ironport -storepass esaem -keystore device-store

You can also use the following additional command-line switches: 
-org <value in double quotes if it contains space>
-orgunit <value in double quotes if it contains space>
-title <value in double quotes if it contains space>
-validity <number of days>

This procedure outputs the <device-store>.p12 file to the same folder.
This .p12 file is the certificate that you will upload to the Email Security appliance.
You will also need:
The .pem file from this folder, to import into the custom certificate authority list on the Email Security appliance.
The Device Store password that you entered.
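
A pre-upload check of the generated .p12 file, as an added example that is not part of the Cisco guide or the RSA tooling: it confirms that the certificate's Common Name matches the appliance hostname, as the Note above requires, and that the certificate is currently valid. The file name and hostname defaults are taken from the sample command and are assumptions to replace with your own values.

```powershell
# Added example (not from the guide): verify the PKCS#12 file before uploading it.
# Defaults mirror the guide's sample command; replace them with your own values.
param(
    [string]$P12Path          = '.\device-store.p12',  # <NAME OF DEVICE STORE>.p12
    [string]$ExpectedHostname = 'ironport'             # value passed to -cn
)

# Prompt for the Device Store password so it is not left in shell history.
$secure = Read-Host -Prompt 'Device Store password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# Load every certificate in the store; the file may also carry the CA certificate.
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import((Resolve-Path $P12Path).Path, $plain, 'DefaultKeySet')

# The device certificate is the entry that comes with a private key.
$leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $leaf) { throw "No certificate with a private key found in $P12Path" }

# 'SimpleName' returns the CN when the subject has one.
$subjectCN = $leaf.GetNameInfo('SimpleName', $false)
$issuerCN  = $leaf.GetNameInfo('SimpleName', $true)
$now       = Get-Date

$checks = [ordered]@{
    'Subject CN matches appliance hostname' = ($subjectCN -eq $ExpectedHostname)
    'Certificate is within validity period' = ($leaf.NotBefore -le $now -and $now -le $leaf.NotAfter)
}

foreach ($c in $checks.GetEnumerator()) {
    '{0,-40} {1}' -f $c.Key, $(if ($c.Value) { 'OK' } else { 'FAIL' })
}

# Reported for manual comparison with the CA name given to -cacn.
"Subject CN : $subjectCN"
"Issuer     : $issuerCN"
"Valid      : $($leaf.NotBefore) to $($leaf.NotAfter)"

if ($checks.Values -contains $false) { exit 1 }
```

For group or cluster deployments, run the check once per appliance with that appliance's own .p12 file and hostname.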