Guest

Cisco Email Security Appliance

Install an SSL Certificate via the CLI on an ESA

Document ID: 117845

Updated: Jun 25, 2014

Contributed by David Armistead and Robert Sherwin, Cisco TAC Engineers.

   Print

Introduction

This document describes how to install a Secure Sockets Layer (SSL) certificate, which includes an SSL intermediate certificate, via the CLI on a Cisco Email Security Appliance (ESA).

Prerequistes

Cisco recommends that you have knowledge of these topics:

  • ESA
  • All versions of AsyncOS

Install a SSL Certificate

The ESA will prompt for the intermediate certificate after the server certificate. If needed, you can install more than one intermediate certificate.

Here is an example output.

Note: These are self-signed test certificates. Do not try to use them.



ironport.example.com> certconfig

Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]> setup

Do you want to use one certificate/key for receiving, delivery, HTTPS
management access, and LDAPS? [Y]>

paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


paste key in PEM format (end with '.'):
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----

.
key = -----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9uHiDtQRZXEjEj5RBObDe/s2t40+o6Eur9QS9B7ZSkuLlYsK
F4r1/iYoh3zO7jS2ihLTu4Dp2UKJSbJmnrnKqgV5tnKdTo/PeF8VoqF4WaJATNcc
vZmbKWzDcCC8UTH211ZhS8IS85v3hvfiXsK1bleEZYSYRse2J/0NbxiJEwJoxTrg
kFZKxnCKZ5eI1zzjCXZqS6cNC1GGZX0YEVWD0npikRqjsWcXhLmycOz1T4k5hoGK
JCB/CJjg+Tk0T7s1qBI66G753j2CK8ko0cl3Z3JDxnsJAf097SJKU5BBiXrzGQES
v9+pReXnWY8oFWA83zM+y3tbV2MI/NLfMBdK3wIDAQABAoIBAQCmPpb9yznnqFao
e0QNW+M5AoHm+fq7LteEWPdmYbuKNvLIgXcLQWzCdimGirnBV8evlFv1gCp4PUC7
WqGVsqBQ+xzpiaZ594cKlGS6PacQHJzV4WieF+iO7YlxYOnOdymz+ZvM6uPeHSGC
Rjut+ck4g0BJKA9uYh88MD+ylr//Bqau0/H13/7Kxb337k9OwKLtgPnQe94/FPWx
d0Sb1UccFop/lNUuqBrjE9HUojADZtWAigJnBm8c4mG6gx3ZYlXP6PD2Ww7tkbcR
llh/x0xP4l4Rtt3DL2PMCusl/ukMdncuBjRl68zTuuJ4dCMkcv6ATTOkbFWp1B1d
fgBkmITZAoGBAP8pd3Rz30rMIndw4+ZtL/2afJSD9f0ytdZ7/mlQnutcRlCoSrbp
s5mFWXhryyzCEYHeapOX1Rjlp5CLj+2NAw30QEY07XArVxs0w/BB4TXsV/KheVqP
qDZAHTyE4BdXvtJFNOugu/P5OyYuYrSekWJrApZakGiH4ggoHuSd494TAoGBAPex
dIOE10SZG4y1lD0PdTdCpVrE4UrQC3jV9SX9a6LymaP4SARJ0FwzTTHDQbgvUF7R
vL3p3TouX5SDp0RnDWMA81LNRgZSa9wtJu9yXUhn9i7xISAaguLjyDCOKg2lVRsr
Kaq27kcIXmbdKNJu5ozjXz7TebJg/3NL9jtOSMmFAoGAU8Y8hwpoHHmrM0XoPUZK
BFyNXIF66ReWJgZtwAwNMT8Jgv/OEAHoypXCi0vw2BAbiWUJ3s1x1IvKGSYJKjgq
8ZDo7WQBNNu17KPFVQN8OqUPNwUW/8m8s5sXPkBuBpvzdbvtJROPwglpBx8hnyWU
nBiAL/cqBHfgmUb65ZqFLusCgYEA9nEzUh/75x7HEGshwNb+cyr2RqeY2MzCfUm0
DkZkr83dHA3N6aZfjzzj011IqC87MfxQZEypdlfpdWTAKgi2gwjREFN5FpUvB/RM
xvTs5zu479+ua7i0/XZRGi54nPchBFUfseEslrQ26PWmxijdbtRTUbkrXlWwFFFB
/qPXO9kCgYEA16IFZzR79c7mHROpfaUTibrZGYQUn5DggQKaGhaKN6RjI1ZvHUJS
xinp/HDHL2ce8DXsoXwE532xuLqO4ZchpB46DJ19xI1XL4wBk3Mp0NYR3qRPfnzU
VD3C4qagW3Bet+2Fe4ZHamQu27TMSl0IUpcDRjYzQFUSKIv9zDWBtUk=
-----END RSA PRIVATE KEY-----


Do you want add an intermediate certificate? [N]> y

paste intermediate cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----

.
intermediate cert = -----BEGIN CERTIFICATE-----
MIIDuDCCAqACCQD75TKsZ1SEvjANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwHhcNMDcwNDA2MTMwOTA4WhcNMDcwNTA2MTMwOTA4WjCBnTELMAkGA1UEBhMC
WkExEDAOBgNVBAgTB0dhdXRlbmcxFTATBgNVBAcTDEpvaGFubmVzYnVyZzEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDExJob3N0Lndp
ZGdpdHMuY28uemExJTAjBgkqhkiG9w0BCQEWFmlyb25wb3J0QHdpZGdpdHMuY28u
emEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD24eIO1BFlcSMSPlEE
5sN7+za3jT6joS6v1BL0HtlKS4uViwoXivX+JiiHfM7uNLaKEtO7gOnZQolJsmae
ucqqBXm2cp1Oj894XxWioXhZokBM1xy9mZspbMNwILxRMfbXVmFLwhLzm/eG9+Je
wrVuV4RlhJhGx7Yn/Q1vGIkTAmjFOuCQVkrGcIpnl4jXPOMJdmpLpw0LUYZlfRgR
VYPSemKRGqOxZxeEubJw7PVPiTmGgYokIH8ImOD5OTRPuzWoEjrobvnePYIrySjR
yXdnckPGewkB/T3tIkpTkEGJevMZARK/36lF5edZjygVYDzfMz7Le1tXYwj80t8w
F0rfAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEfFldNxToK5OXqripccxEVhEfai
zCiQqL4hWC9g0PZRyC7PP3DDIuPjrhF67FR/BL6LRxyZNDiBC3d4iQrue6dHPtNT
1Dzm3/3H9cz9CZ5b1fg+2opwWa4/FcU8oYTqlArxBfSVRUusZahh/6GIvG+nnPVc
luhYeWZkuuINsrF6urJk3uuX+Amg5/2B7wHcScsTqgif6NeDMuR9MB0lHuTcjiEK
otwPijO4H6lHya5MYa9dtIIRMJELfJYhkxmALhxOyfercZwqyImOh7gmH1ZtUo9/
5mS+hDKImkNfOQ2Pem1ymYBtbI05bIpa5ag6VyiCETzzqNzEiInIFZ9h9sg=
-----END CERTIFICATE-----


Currently using one certificate/key for receiving, delivery, HTTPS
management access, and LDAP.


Choose the operation you want to perform:
- SETUP - Configure security certificates and keys.
[]>

Note: Refer to the Obtaining Certificates section of the Email User Guide for more information about how to  obtain and install certifcates.

Related Information

Updated: Jun 25, 2014
Document ID: 117845