Configuring the Appliance to Trust Proxy Server Communication

If you are using a non-transparent proxy server, you can add the CA certificate used to sign the proxy certificate to the email gateway. By doing so, the email gateway trusts the proxy server communication.

When Cisco Secure Email and Web Manager communicates with the updater servers to receive updates, it validates whether the certificates those servers present are trusted. For validation to succeed, you must add the updater server's Certificate Authority certificate to Cisco Secure Email and Web Manager. To do this, use the updateconfig > trusted_certificates command. The options in the command include:

  • Add - Adds a certificate to the CA list

  • List - Lists all the certificates in the CA list

  • Delete - Deletes a certificate from the CA list

The following example shows how to use the updateconfig command to configure this option.

SMA> updateconfig

Service (images):                  Update URL:
------------------------------------------------------------------------------
Feature Key updates                http://downloads.ironport.com/asyncos
Timezone rules                     Cisco Servers
Support Request updates            Cisco Servers
Smart License Agent Updates        Cisco Servers
Notifications component Updates    Cisco Servers
Cisco AsyncOS upgrades             Cisco Servers

Service (list):                    Update URL:
------------------------------------------------------------------------------
Timezone rules                     Cisco Servers
Support Request updates            Cisco Servers
Smart License Agent Updates        Cisco Servers
Notifications component Updates    Cisco Servers
Cisco AsyncOS upgrades             Cisco Servers

Update interval: 5m

Proxy server: not enabled

HTTPS Proxy server: not enabled

Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> trusted_certificates


Choose the operation you want to perform:
- ADD - Upload a new trusted certificate for updates.
- LIST - List trusted certificates for updates.
- DELETE - Delete a trusted certificate for updates.
[]> add

Paste certificates to be trusted for secure updater connections, blank to quit
Trusted Certificate for Updater:
paste cert in PEM format (end with '.'):
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
.
Do you want to check if Common Name or SAN:dNSName or both are in Fully Qualified Domain Name(FQDN) format ? [N]> y


Choose the operation you want to perform:
- ADD - Upload a new trusted certificate for updates.
- LIST - List trusted certificates for updates.
- DELETE - Delete a trusted certificate for updates.
[]>
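
Before pasting a certificate at the ADD prompt, you can check on an administrator workstation that it really is the CA that signed the proxy certificate. The script below is an added example, not part of the Cisco documentation; it assumes the openssl CLI is installed, and the function names, file names and the constructed throwaway CA are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for a CA certificate before it is pasted into
# updateconfig > trusted_certificates > ADD. Assumes the openssl CLI.

# preflight_ca CA_PEM PROXY_CERT_PEM
# Return codes: 0 ok, 1 not a PEM certificate, 2 not a CA certificate,
# 3 expired, 4 the proxy certificate was not issued by this CA.
preflight_ca() {
  openssl x509 -in "$1" -noout 2>/dev/null ||
    { echo "not a PEM certificate" >&2; return 1; }
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' ||
    { echo "basicConstraints is not CA:TRUE" >&2; return 2; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 3; }
  # The issuer name of the proxy certificate must match the CA subject,
  # and the signature must verify against the CA key.
  { [ "$(openssl x509 -in "$2" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$1" -noout -subject_hash)" ] &&
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; } ||
    { echo "proxy certificate was not issued by this CA" >&2; return 4; }
  # Details to compare out of band with the proxy administrator.
  openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# make_sample DIR
# Constructed sample data: a throwaway CA and a proxy certificate it signs.
make_sample() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
    'x509_extensions=v3' '[dn]' 'CN=Constructed Proxy CA' \
    '[v3]' 'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=proxy.example.test" \
    -keyout "$1/proxy.key" -out "$1/proxy.csr" 2>/dev/null
  openssl x509 -req -in "$1/proxy.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/proxy.pem" 2>/dev/null
}

# Stand-alone use: sh preflight.sh ca.pem proxy.pem
if [ "$#" -eq 2 ]; then
  preflight_ca "$1" "$2"
fi
```

A return code of 0 prints the subject, expiry date and SHA-256 fingerprint of the CA certificate, which can be compared with the values supplied by whoever operates the proxy.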