03-14-2023 01:04 AM
Dear all,
After upgrading our ESA to v14.2.2, a Cisco ESA Certificate aka default_cert was created and now has expired, and never was used. Due to its expiration, it's throwing email notifications regularly, which is annoying and leads to justification to our manager.
We'd like to delete it, but at post 4682087 (https://community.cisco.com/t5/email-security/delete-default-esa-certificate/td-p/4682087) "By design, ESA doesn't allow to delete the default cert and what you are currently seeing is an expected behaviour. You need to bear with it" which I can confirm. Sad but true, via GUI as well as SSH this seems to be impossible (at least I wasn't able to do so).
(How) is it possible to renew it, (or otherwise) to avoid the mail notifications to regularly come back?
Thanks in advance,
Mario
03-14-2023 10:00 AM
Hello,
I'd advise opening a Cisco TAC case. We can assist with renewing the demo certificate if it's expired and/or provide you with additional guidance on the alerts.
Thanks!
-Dennis M.
03-14-2023 10:03 AM
03-19-2023 05:06 PM
Thank you for the feedback, Ken.
I know we renewed the demo certificate during upgrades in the past, but I do not believe that is the case any longer. Ideally, the demo cert is used during initial setup, and then customers move away from it and use either their own self-signed certificate or move to a third-party signed certificate.
I agree that it would make sense to be able to make some form of modifications and will look into filing some enhancements on this topic.
Thanks!
-Dennis M.
03-19-2023 05:15 PM
03-20-2023 09:13 AM - edited 03-20-2023 09:13 AM
Thank you Ken, I totally agree with you, being able to do these things by ourselves. This takes me (wasting) some valuable time to open a TAC case now, for an unused certificate to renew (or delete) to avoid annoying recurring mail notifications ....
Also I agree with your second post about "if an interface has no "secured" services enabled ... the default certificate gets assigned" and "if you enable a service, apply a cert, then turn off the service, it reverts to the default cert." - which lead me to keep an unnecessary service running on any interface which we "could" avoid (especially for security reasons) ...
03-20-2023 09:05 AM
Thank you Dennis for your fast reply,
then I'll go opening a Cisco TAC case, though I'm not happy with not being able to do that by myself ...
Kind regards,
M.
07-22-2024 05:23 AM
Hi, is there a solution for this problem? I've got the message that I want to resolve: "You are currently using a demonstration certificate (Cisco Secure Email Certificate) which is not secure and is not recommended for general use. Create or import a certificate using the Network > Certificates > Add Certificate option..."
07-22-2024 05:29 AM