Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Ironport 7.6 - Certifiacte expiring and CSR download question

My certificate is expiring on my Ironport. Last time I got the certificate I went through OPENSSL to generate the cert and then requested it through godaddy. Then you have to save in PEM format and all that jazz. Anyway I cannot find the directions to do this and am currently about to start this again.

I just found on the certificate screen that I can request the CSR directly from Ironport in the Network -> Certificate  screen. Has anyone used this before? This would be a real easy way to update the cert and if it works, I would be extremely happy. Makes it much easier then before.

Thanks for any responses!

Dave

2 REPLIES
New Member

Ironport 7.6 - Certifiacte expiring and CSR download question

Good morning, Dave

I just went through the process this week on two C360s running in an application cluster.  I used the Network -> Certificates -> Add Certificate function to generate a CSR for two new Verisign certs.

Once I got the certs back, I imported into Windows MMC and exported in base 64 format.  I imported into the appliances and changed common cert name to be the same on both boxes.  Then I could go to the Listener, IP Interface and Destination Controls and select the new cert. I admit I had Support on the line while I did that part just in case all went to heck especially as we have CRES TLS set up.  But all went well and we had no disruption in email flow.  :-)

Star

New Member

Ironport 7.6 - Certifiacte expiring and CSR download question

Ended up that this shoul dhave been easier than what it was. Working with Cisco support I should have been able to go to GoDaddy, have it renew the certificate with the same CSR, and then upload it.

Well, something went wrong and the CRT ended up not being trusted (I think this was me trying to figure out stuff and generating things before I called), also killing my web connection to the server. We had to log in through the CLI, turn on http support, connect back up over http, generated a new CSR through the GoDaddy interface (nice that is built in now) and then getting a new vvalid cert from GoDaddy. Applied that and we were up and going.

Live and learn, I guess. Much easier to do now than it was when I have generated the certs in the past so I was really over thinking this.

Thanks for the input!

695
Views
0
Helpful
2
Replies
CreatePlease to create content