This document describes the certificate installation requirements for the Cisco Email Security Appliance (ESA) and the services for which the certificates can be used.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on the Cisco ESA that runs any version of AsyncOS.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
ESA Certificate Installation Requirements
You must have these items available in Privacy Enhanced Mail (PEM) format in order to install a certificate on the ESA:
- The X.509 certificate
- The private key that matches your certificate
- Any intermediate certificates that are provided by your Certificate Authority (CA)
ESA Services that Require Certificates
Certificates can be used for these four services:
- Inbound Transport Layer Security (TLS)
- Outbound TLS
- Lightweight Directory Access Protocol (LDAPS)