Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1846
Views
0
Helpful
1
Replies

TLS/SSL expiration check on ESA?

bsrinu001
Level 1
Level 1

‎09-05-2017 07:12 AM - edited ‎03-08-2019 07:23 PM

Hi Team, 

 

Could you please let us know how to check the TLS/SSL expiration status on ESA C670 also TLS communication will hapen by cipher keys right? whlie TLS neogiation. 

how many Ciphers/ Expiration dates for them? how to check? please calrity ASAP. Many Thanks 

Labels:
0 Helpful
1 Reply 1

dmccabej
Cisco Employee
Cisco Employee

‎09-05-2017 11:37 AM

Hello,

 

Certificate expiration date(s) can be checked within the GUI by navigating to Network --> Certificates. On that page you'll be able to see the expiration date for each certificate installed on the appliance. 

 

+++certconfig.jpg

+++

 

For the SSL/TLS procotols themselves, you can also review this information within the GUI by navigating to System Administration --> SSL Configuration. From there, you'll be able to see which protcols are being used for which services along with the current cipher string. 

 

+++

ssl_config.jpg

+++

 

Finally, to see which ciphers would actually be offered in the SSL/TLS communication, you can take that cipher string and then paste it into the CLI using the sslconfig --> verify commands.

 

As an example:

 

 

hermes.test.local (SERVICE)> sslconfig

Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]> verify

Enter the ssl cipher you want to verify.
[]> ALL:-aNULL:-EXPORT

 

Hopefully that helps! Let me know if you need anything clarified.

 

Thanks!

-Dennis M.

0 Helpful
Customers Also Viewed These Support Documents