Информационное Руководство для Cisco Cisco Content Security Management Appliance M690
Contents
Introduction
How to generate and install a digital certificate on SMA?
Background
Create and export certificate on ESA
Convert the exported certificate
Import certificate to SMA - Option 1
Import certificate to SMA - Option 2
Verify the imported certificate
Related Information
Related Cisco Support Community Discussions
Introduction
This document describes how to generate a certificate on the Email Security Appliance (ESA) that
can be used on the Security Management Appliance (SMA).
can be used on the Security Management Appliance (SMA).
How to generate and install a digital certificate on SMA?
Background
The SMA does not support generating certificates on the appliance itself. Instead it is possible to
generate a self signed certificate on the ESA. This can be used as a workaround to create a
certificate for the SMA to be imported and used.
generate a self signed certificate on the ESA. This can be used as a workaround to create a
certificate for the SMA to be imported and used.
Create and export certificate on ESA
Create a self signed certificate under GUI: Network > Certificates > Add Certificate . It is
important, when creating a self signed certificate, for Common Name (CN) to use the
hostname of the SMA and not of the ESA, so that the certificate can be properly
used. Submit and commit changes.
important, when creating a self signed certificate, for Common Name (CN) to use the
hostname of the SMA and not of the ESA, so that the certificate can be properly
used. Submit and commit changes.
1.
Use GUI: Network > Certificates > Export Certificates to export certificate. Give it a file
name (e.g. mycert) and password that will be used when converting the certificate.
name (e.g. mycert) and password that will be used when converting the certificate.
2.
Convert the exported certificate
The exported certificate will be in .pfx format. The SMA only supports .pem format for importing,
so this certificate needs to be converted.To convert certificate from .pfx format to .pem format,
please use the following OpenSSL syntax.
so this certificate needs to be converted.To convert certificate from .pfx format to .pem format,
please use the following OpenSSL syntax.
After converting the certificate to the correct format both, the certificate and the corresponding
private key in .pem format should be present. It is important to have certifcate and private key
availabe. Only the certifcate without the private key cannot be imported into SMA. It is
private key in .pem format should be present. It is important to have certifcate and private key
availabe. Only the certifcate without the private key cannot be imported into SMA. It is