Cisco Cisco Email Security Appliance C160 Mode D'Emploi

24-5

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances

Chapter 24 Encrypting Communication with Other MTAs

Working with Certificates

Step 5

Click Next.

Step 6

Enter a name for the certificate. By default, AsyncOS assigns the common name previously entered.

Figure 24-1

shows an example of a self-signed certificate.

Figure 24-1

View Certificate Page

Step 7

If you will submit this certificate as a Certificate Signing Request (CSR), click Download Certificate
Signing Request to save the CSR in PEM format to a local or network machine.

Step 8

Submit and commit your changes.

What To Do Next

See the appropriate next step:

•

Deploying a Signed Certificate, page 24-3

•

Deploying Self-Signed Certificates, page 24-3

About Sending a Certificate Signing Request (CSR) to a Certificate Authority

A certificate authority is a third-party organization or company that issues digital certificates used to
verify identity and distributes public keys. This provides an additional level of assurance that the
certificate is issued by a valid and trusted identity. You may purchase certificates and private keys from
a recognized certificate authority. Cisco does not recommend one service over another.

The Email Security appliance can create a self-signed certificate and generate a Certificate Signing
Request (CSR) to submit to a certificate authority to obtain the public certificate. The certificate
authority will return a trusted public certificate signed by a private key. Use the Network > Certificates
page in the web interface or the

certconfig

command in the CLI to create the self-signed certificate,

generate the CSR, and install the trusted public certificate.

Duration before expiration

The number of days before the certificate expires.

Private Key Size

Size of the private key to generate for the CSR. Only 2048-bit and 1024-bit
are supported.