CISCO SMA: Certificate Installation

a.zahid
Level 1

Hi,

 

We need to install a cert for Cisco SMA as shown below.

I’ve read at https://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118460-technote-sma-00.html on how to install the cert via CLI.

However, I have a few concerns before proceeding with the task:

 

  1. Will this have any impact on email traffic?
  2. Noted that there’s an option for Inbound TLS, Outbound TLS, HTTPS, LDAPS. We are currently looking into HTTPS only, but it seems I need to install a cert for all four. Any way we can only install on HTTPS?
  3. Can we use the wildcard cert, for example, *.car.com.my?

Thank you.

5 Replies

dmccabej
Cisco Employee

Hello,

 

  1. No, it should not impact any email traffic. 
  2. Yes, you can. You would need to choose the [N] option under certconfig --> setup. Then, you can choose separate certificates for each service. To utilize the current default demo certificate, simply grab the public/private keys from certconfig --> print. 
  3. Assuming the wildcard covers the proper FQDN you're using, yes. 

 

Thanks!

-Dennis M.
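Point 3 depends on the wildcard actually covering the FQDN used to reach the appliance. The following check is an added example, not part of the reply above or of any Cisco tooling; the hostnames are constructed from the `*.car.com.my` pattern in the question. It applies the conservative RFC 6125 reading, where a wildcard stands for exactly one leftmost label.

```python
# Added example: does a certificate DNS name cover a given FQDN?
# Conservative RFC 6125 matching: "*" must be the whole leftmost label
# and matches exactly one label. Hostnames below are constructed.

def name_covers(pattern: str, fqdn: str) -> bool:
    """Return True if a certificate DNS name (possibly wildcard) covers fqdn."""
    p = pattern.lower().rstrip(".").split(".")
    h = fqdn.lower().rstrip(".").split(".")
    # A wildcard never spans dots, so the label counts must be equal.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        if any("*" in label for label in p[1:]):
            return False  # only one wildcard, leftmost position only
        # Refuse overly broad names such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial wildcards like "s*.car.com.my" are rejected
    return p == h


def first_match(san_names, fqdn):
    """Return the first SAN entry that covers fqdn, or None."""
    for name in san_names:
        if name_covers(name, fqdn):
            return name
    return None


if __name__ == "__main__":
    sans = ["*.car.com.my"]  # SAN list of the wildcard cert (constructed)
    for host in ("sma.car.com.my",        # one label under the wildcard
                 "car.com.my",            # bare domain
                 "sma.mgmt.car.com.my"):  # two labels under the wildcard
        match = first_match(sans, host)
        print(f"{host:22} -> {'covered by ' + match if match else 'NOT covered'}")
```

Only the first hostname is covered; the bare domain and the two-level name would need their own SAN entries on the certificate.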

Hi Dennis,

 

Thanks for your reply. For no. 2, if I want to use the current demo certificate for inbound TLS, outbound TLS and LDAPS, what are the steps that I should do? I do not see an option in SSH to simply grab the public/private keys from certconfig --> print. I only have certconfig --> setup, which will then request a certificate for each of inbound TLS, outbound TLS, HTTPS and LDAPS.

 

Thanks.

Hey a.zahid,

I assume you're using an SMA prior to version 11.5, which is why the commands are not visible.
What you can do to obtain your certificate in the older version is use "showconfig", then extract the certificate in PEM format into WordPad; you can then load the cert that way.

(Alternatively, you can save the configuration with unmasked passwords and also extract the certificate through that means.)

Thanks,
Mathew

Hi Mathew,

 

Thanks for clearing that up. It works. I managed to copy and paste back the default certificate.

 

Thanks for your help.

Glad we were able to help and you got everything sorted! :)