Skip to main content

SSL/TLS Certificate Installation Instructions - Cisco IronPort

Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2015-11-27 06:21:43.0

TN 9009 - SSL/TLS Certificate Installation Instructions - Cisco IronPort

NOTE:
As of November 12, 2024, Entrust introduced a new TLS certificate hierarchy as part of the deployment. The TLS certificate delivery now includes two certificate chains. The delivery of these certificate chains can be in the form of:

  • Individual files. Intermediate 1 (filename: intermediate1.crt ) and Intermediate 2 (filename: intermediate2.crt ) or
  • Concatenate PEM file (filename: CertificateBundle1.pem/CertificateBundle2.pem ) or
  • P7B format file (filename: Certificatebundle.p7b )

Both intermediate/chain certificates must be installed in your environment.

Before you begin

  • Important: To follow best practice it is recommended that you back-up your current Ironport Configuration, this can be done through the “ System Administration ” menu .
  • Never share private keys.
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method ( e-mail is not considered a secure method of transfer ).
  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices. ( Please Note that the server test is only for public facing sites and services )

Installing your Entrust SSL/TLS Certificate on Cisco IronPort

Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a file named ChainBundle1.crt and ServerCertificate.crt.  This file includes your signed SSL/TLS certificate and the combined certificate chain.

1. Navigate to Network > Certificates and Select the certificate you wish to import.

2. You will see an option to “Choose File” . Click on this option and choose “Upload Signed Certificate” to install the ServerCertificate.crt onto the Cisco IronPort.

3. Before saving these changes, you must upload the ChainBundle1.crt file. To do this, expand the “Intermediate Certificate (Optional)” browser and add the ChainBundle1.crt file section and click “Submit”.