Re: Migrating from Clearswift Gateway to ESA

rene_braun · ‎12-14-2020

Hello all

We are migrating from a clearswift solution to Cisco ESA. We are trying to export the existing smime public keys and add them to ESA, but every key one by one. The export button hides once you select more than one key. With ober thousands, a mess.

Does someone already dealt with that and knows about mass exporting the keys?

Best regards

Rene

rene_braun · ‎12-17-2020

We've found solutions by looking into latest backup. What do you need is just some basic linux commands and openssl.

Filter expired Certs and move them away - name new folder properly

grep -l 'expired="true"' /home/Placeholder/Documents/Placeholder/Placeholder_Clearswift_SEG_uicfg/encryption/external/*.xml

Filter is not a SMIME Cert and move them away - name new folder properly

grep -l -L 'SMIMECertificate' /home/Placeholder/Documents/Placeholder/Placeholder_Clearswift_SEG_uicfg/encryption/external/*.xml

Storing filenames into a file yould also be useful

ls -1 > all_xml

gives out asn1 structure and stores it in binary format

openssl asn1parse -in Placeholder.xml -out Placeholder.der

convert binary into base64 encoded style

openssl x509 -inform DER -in Placeholder.DER -out Placeholder.pem

Please keep in mind that this way helps if you only need to import a few public keys. In larger deployments you may need to build a script and upload data to ESA in a single file. Or make sure you never use ESA for de/encypting mails.