Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3197
Views
0
Helpful
4
Replies

How to Export a Certificate from SMA?

Go to solution
anotthak8
Level 1
Level 1

‎01-09-2017 01:53 PM

Hello,

I plan on uploading a new SHA-2 cert to our SMA and I am wondering how do I export the old cert (Should any error occur)?

I will be using the instructions in the link below to import a new cert. However, I do not see any instructions to export the old cert.

http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118460-technote-sma-00.html#anc2

Thank you in advance!

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎01-09-2017 02:00 PM

Hi,

You may use the certconfig CLI command to print the installed certificate, or download the SMA configuration file and get the certificate from the XML file.

Please make sure to export the configuration file with passwords unmasked.

Regards,
Libin Varghese

View solution in original post

0 Helpful

Go to solution
dmccabej
Cisco Employee
Cisco Employee

‎01-09-2017 02:04 PM

Hello,

You can obtain the current certificate information via a configuration export. This can be done in the GUI via System Administration --> Configuration File --> Download configuration. (Be sure to uncheck mask passwords if you ever wish to re-import this exported configuration)

Once exported, you can search for the following lines for the certificate and private key information :

+++

-----BEGIN CERTIFICATE-----
xxxxx
-----END CERTIFICATE-----


-----BEGIN RSA PRIVATE KEY-----
xxxxx
-----END RSA PRIVATE KEY-----

+++

Thanks!

-Dennis M.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎01-09-2017 02:00 PM

Hi,

You may use the certconfig CLI command to print the installed certificate, or download the SMA configuration file and get the certificate from the XML file.

Please make sure to export the configuration file with passwords unmasked.

Regards,
Libin Varghese

0 Helpful

Go to solution
dmccabej
Cisco Employee
Cisco Employee

‎01-09-2017 02:04 PM

Hello,

You can obtain the current certificate information via a configuration export. This can be done in the GUI via System Administration --> Configuration File --> Download configuration. (Be sure to uncheck mask passwords if you ever wish to re-import this exported configuration)

Once exported, you can search for the following lines for the certificate and private key information :

+++

-----BEGIN CERTIFICATE-----
xxxxx
-----END CERTIFICATE-----


-----BEGIN RSA PRIVATE KEY-----
xxxxx
-----END RSA PRIVATE KEY-----

+++

Thanks!

-Dennis M.

0 Helpful

Go to solution
thaungtunzaw
Level 1
Level 1
In response to dmccabej

‎05-02-2018 12:12 AM

Hello,

Please kindly advise how can I get the Private Key as it is not included in received the signed certificate.

 

-----BEGIN RSA PRIVATE KEY-----
xxxxx
-----END RSA PRIVATE KEY-----

 

Thanks

0 Helpful

Go to solution
dmccabej
Cisco Employee
Cisco Employee
In response to thaungtunzaw

‎05-02-2018 07:39 AM

Hello,

 

Please review my previous response regarding the configuration export to obtain the private key. If the private key is not listed in the configuration, then either the certificate was not generated on the ESA, or the certificate was not saved (submit/commit) after it was generated. If the case is the latter, you would need to re-generate the certificate/CSR and re-send to your CA since the private key would be lost. 

 

Thanks!

-Dennis M.

0 Helpful
Customers Also Viewed These Support Documents