If you have not done so, please be sure to read the following announcement:
While it’s not a requirement as most SMTP MTAs will operate without issue utilizing a self-signed certificate, 3rd party certificate requirements and validation are becoming more commonplace and even best practice. So, it is generally a good idea to obtain a 3rd party signed certificate.
You have a few options in order to complete the installation and setup of a 3rd party signed certificate. To start, you could simply open a Cisco TAC case and we can create the certificate for you and provide you with any additional guidance; however, if you’re perhaps more familiar with the process and wish to utilize another certificate authority for signing, you can follow the steps here.
If you do choose to create your own certificate and get it signed by a 3rd party, you will want to follow the following requirements for selecting the common name during creation and when sending the CSR over to the authority.
- Common Name (SAN - Option 1) [Datacenter/Region Specific]:
mx1 would be used for the common name, but all individual esa1/2/3/4/etc., mx1/mx2, and ob1 records must be included in SAN attributes when the request is provided to the CA.
- Common Name (Wildcard - Option 2)[Datacenter/Region Specific]:
Of course, you can reach out to Cisco TAC at any time if you run into issues or questions.
At this time, the certificate that we provide issued by HydrantID SSL CA G3 is free of charge and included in your CES purchase. If you wish to utilize your own CA then you will be responsible for the cost, and the price will vary depending on the type of certificate requested.
The CA can send the DAL to any of the email addresses below:
Updated 8 months ago