After upgrading our ESA to v14.2.2, a Cisco ESA Certificate aka default_cert was created and now has expired, and never was used. Due to its expiration, it's throwing email notifications regularly, which is annoying and leads to justification to our manager.
We'd like to delete it, but post 4682087 (https://community.cisco.com/t5/email-security/delete-default-esa-certificate/td-p/4682087) says "By design, ESA doesn't allow to delete the default cert and what you are currently seeing is an expected behaviour. You need to bear with it", which I can confirm. Sad but true, via GUI as well as SSH this seems to be impossible (at least I wasn't able to do so).
(How) is it possible to renew it, (or otherwise) to avoid the mail notifications regularly coming back?
Thanks in advance,
Thank you for the feedback, Ken.
I know we renewed the demo certificate during upgrades in the past, but I do not believe that is the case any longer. Ideally, the demo cert is used during initial setup, and then customers move away from it and use either their own self-signed certificate or move to a third-party signed certificate.
I agree that it would make sense to be able to make some form of modifications and will look into filing some enhancements on this topic.
Thank you Ken, I totally agree with you, being able to do these things by ourselves. This takes me (wasting) some valuable time to open a TAC case now, for an unused certificate to renew (or delete) to avoid annoying recurring mail notifications ....
Also I agree with your second post about "if an interface has no "secured" services enabled ... the default certificate gets assigned" and "if you enable a service, apply a cert, then turn off the service, it reverts to the default cert." - which led me to keep an unnecessary service running on any interface which we "could" avoid (especially for security reasons) ...