assign new SSL cert on Cisco IronPort ESA

Issue: After completing the steps to install a new SSL certificate on your Cisco IronPort ESA, you need to assign the certificate to the various Cisco IronPort functions that require encryption (email communications, TLS, Quarantine and admin web pages).

Activating the new SSL Certificate:

  • To assign the new certificate for inbound SMTP email communication, open Network > Listeners and select the new certificate


  • Assign the certificate for use in Outbound TLS based email communications:

    Mail Policies > Destination Controls > Global Settings > Edit Global Settings > click the Certificate drop down and select your new Certificate.

Note: Specifying a certificate under Destination Controls tells the IronPort ESA which certificate to use *if* TLS is enabled on outbound communications. In other words, selecting the certificate in the drop-down does not by itself enable TLS on the IronPort. Follow these steps to enable TLS on the IronPort ESA.
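
A check that can be run after the listener step above, as an added example that is not part of the original post: it connects to the inbound listener, issues STARTTLS, and compares the SHA-256 fingerprint of the certificate presented with the fingerprint of the new certificate. The function names, the default port 25 and the command-line usage are assumptions made for this example.

```python
import hashlib
import smtplib
import ssl
import sys


def normalize_fp(fp: str) -> str:
    """Drop colons/whitespace and lowercase, so 'AB:CD' and 'abcd' compare equal."""
    return "".join(c for c in fp if c not in ": \t\n").lower()


def sha256_fp(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_listener_cert(host: str, port: int = 25, timeout: float = 10.0):
    """Return the DER certificate presented after STARTTLS, or None if the
    listener does not advertise STARTTLS at all."""
    ctx = ssl.create_default_context()
    # Chain validation is disabled on purpose: the certificate is only read
    # here and is judged by comparing its fingerprint, not by trusting it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


def check_listener(der, expected_fp: str) -> str:
    """Classify the result: 'no-starttls', 'match' or 'mismatch'."""
    if der is None:
        return "no-starttls"
    return "match" if sha256_fp(der) == normalize_fp(expected_fp) else "mismatch"


if __name__ == "__main__":
    # Assumed usage: python check_listener.py <listener-host> <expected-sha256>
    host, expected = sys.argv[1], sys.argv[2]
    print(check_listener(fetch_listener_cert(host), expected))
```

A "mismatch" result means the listener is still presenting a different certificate from the one selected; "no-starttls" means the listener did not offer TLS to the client at all.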

Next: assign your new certificate to the Cisco IronPort ESA quarantine and admin web pages


4 thoughts on “assign new SSL cert on Cisco IronPort ESA”

  1. Francis

    “I can show you where to set the Cisco ESA certs for web administration and quarantine.”

    Is this done with the CLI? I already have a wildcard cert installed on the IronPort but I don’t see anywhere in the GUI (version 8.3.6) where to apply it to HTTPS (or Spam Quarantine)

    Thanks!

  2. Khaim

    You do not specify how to apply the cert for the Quarantine web interface for users. Or does setting the Secure Connection to SSL automatically use the installed SSL cert?

