Showing results for 
Search instead for 
Did you mean: 
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.0-698
Cloud Gateway Email Status Portal Support & Downloads
Email and Web Manager: 14.0.0-404
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in:
Encryption Bug Search
Encryption Plug-in:
Cloud Mailbox Notification Service
Outlook Add-in(s): More info


Certificates for Ironport

My certs for the SSL management page expired. I used my internal/private Microsoft CA to generate my own intranet certs and used them a few years ago.

The process was PAINFULL and seems to still be the case on the AsyncOS 7.x

Handling PEM files is the problem. I've read all the articles from the Ironport KB about converting the files before the ironport web site moved.

Is there a clean easy way to request a certificate on the Ironport, submit to a internal/private Microsoft CA, and load the cert onto the Ironport?

Anyone have these steps in a easy to follow doc?


We just did our digi-sign SSL certs last week, and a little painful.

We downloaded the OpenSSL kit and followed instructions here to generate the csr

and the installed using instructions here

I don't think this is quite what you need, but hope it helps.


I also recently updated the certificates on our C660s and am new to certificate management in general.  It was a little bit painful as the documentation is so fragmented.  I know there are probably 20 ways to accomplish this but rather than try to document all of them, just come up with one good way to do this and document it well.  I did use the OpenSSL utility on a WinXP box and followed your instructions and was able to get the job done fairly easily.

But as your customers we will always want more, which is what you want.

Long live the IronPort Nation,

Jason Meyer


The new version of AsyncOS 7.1.1-012 has lot of enhancements for certificates (generate CSR, Self-signed certs, Install signed certs via Web UI). Please take a look at the AsyncOS 7.1.1-012 release notes and User guide for additional information.

Hope this helps, if you have any feedback about this feature, please let us know.



I did look at the new cert capabilities in the new AsyncOS. It's just a graphics wrapper around the same problem.

If your not a linux shop, the PEM files are a pain in the @$@&$.

Self signed are ok for security, but do not provide synergy when your logging onto the web interface with a internal FQDN. You will get a cert warning everytime.

Most certificate servers provide p7b, cer, pfx but NOT PEM.

End users should not have to build a Open SSL box just to convert the certs, in both directions.

If I recall, I think I used my VMWARE linux box to do some of these steps....but this not acceptable and needs to improve.

I wasn't too impressed with the enhancements to be honest. A lot more could be done here.

Hi David,

Some of the enhancements that were mentioned were based upon feedback from customers. We are very open to any comments or suggestions for improvements to our product.  If there are specific recommendations for enhancements or new features we encourage our customers to contact customer support so that we may open a feature request.  Once the feature request is opened the information is passed on to the product development team who will then review the request and consider it for inclusion in a future release.  This process is quite painless and only takes a few minutes. We would be happy to hear from you.

Christopher C Smith


Cisco IronPort Customer Support 

Content for Community-Ad