Re: On Premise 2 Cisco ESA same domain setup DKIM

IchwanZoelverdy2083 · ‎05-24-2021

Hi,

i have requirement to setup DKIM in two cisco ESA appliance, but all documentation only describe at one appliance.
my requirement is i want to setup two ESA appliance with same domain.

are there any suggestion or related documentation for my scenario ?

Regards

marc.luescherFRE · ‎05-25-2021

That is very easy :

Mail Policies / Signing Keys / Export Keys

this will export all DKIM signing keys into a single file onto the configuration directory of your ESA

Mail Policies / Signing Profiles / Export Profiles

this will export all DKIM signing profiles into a single file onto the configuration directory of your ESA

You then download both files to our PC and upload them into the config dictionary of ESA 2.

Then you use

Mail Policies / Signing Keys / Import Keys

Mail Policies / Signing Keys / Import Profiles

This will overwrite the existing DKIM keys and profiles on ESA2.

We do that about 1x a week. I hope that helps.

Ken Stieers · ‎05-25-2021

Hey Marc

You rotate your keys that often?

Ken

marc.luescherFRE · ‎05-26-2021

Hi Ken,

a) we add about 1-2 domains per month which we need to enable with new DKIM keys

b) we have for every domain a user and a systems DKIM signing key

c) we roll over user keys 1-2 times a year, unless required more often

d) we roll over some patient application keys at least quarterly

So busy in that area...

-Marc

IchwanZoelverdy2083 · ‎05-26-2021

Hi Marc,

Thanks for your answer

is it possible if i created two selector for each ESA ? for example

ESA01 : s1._domainkey.example.com

ESA02 : s2_domainkey.example.com

because export import activity will be troublesome for the operation team

Regards