Cisco Email Security Appliance C370D White Paper
Page 5 of 11
© 2016 Cisco and/or its affiliates. All rights reserved.
• Upload the CSR to your Certificate Authority
3. Installing the certificate you received from the Certificate Authority:
• Obtain the SSL certificate issued from your CA
• Per the screenshot above, click the “Browse” button below “Upload Signed Certificate” in order to upload the certificate from your Certificate Authority to Cisco Email Security
• Expand the “Intermediate Certificate (Optional)” area to upload any intermediate certificates required by your certificate authority
• Click Submit
At this point your new certificate is now installed.
How to Enable TLS for Incoming Emails
This diagram shows the flow of TLS messages between servers:
[Diagram: TLS message flow between the Sending Server, Your Mail Server, and the Email Protection Service; labels TLS, SMTP?, TLS?; steps 1 and 2]
You must enable TLS for any listeners where you require encryption 
for inbound connections. You might want to enable TLS on listeners 
that face the Internet (public listeners), but not for listeners for internal 
systems (private listeners).
Or, you might want to enable encryption for all listeners. By default, 
neither private nor public listeners allow TLS connections. You must 
enable TLS in a listener’s Host Access Table (HAT) in order to enable 
TLS for either inbound (receiving) or outbound (sending) email. In 
addition, the mail flow policy settings for private and public listeners 
have TLS turned ‘off’ by default.
You can specify three different settings for TLS on a listener:

Setting    Meaning
None       TLS is not allowed for incoming connections. Connections to the
           listener do not require encrypted Simple Mail Transfer Protocol
           (SMTP) conversations. This is the default setting for all
           listeners you configure on the appliance.
Preferred  TLS is allowed for incoming connections to the listener from
           Message Transfer Agents (MTAs).
Required   TLS is allowed for incoming connections to the listener from
           MTAs, and until a STARTTLS command is received, the Cisco Email
           Security Solutions responds with an error message to every
           command other than No Option (NOOP), EHLO, or QUIT. If TLS is
           'Required' it means that email which the sender does not want
           encrypted with TLS will be refused by the Cisco Email Security
           Solutions before it is sent, which thereby prevents it from being
           transmitted in the clear.
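The following added example (not code from Cisco or from this white paper) models the three listener settings above as a small SMTP command handler, so the behaviour of a plaintext sender against a "Required" listener can be observed offline: every command except NOOP, EHLO, QUIT (and STARTTLS itself) is answered with an error until STARTTLS has been processed. The hostnames, addresses and client scripts are constructed, and the reply codes and text follow common RFC 5321 / RFC 3207 conventions rather than the appliance's actual responses, which the page does not quote.

```python
"""Toy model of an inbound SMTP listener enforcing a per-listener TLS setting.

Added example, not Cisco's code. Reply codes/text are assumed conventions.
"""
from enum import Enum


class TlsSetting(Enum):
    NONE = "none"            # STARTTLS not offered; plaintext only
    PREFERRED = "preferred"  # STARTTLS offered, plaintext still accepted
    REQUIRED = "required"    # STARTTLS must precede any mail transfer


# Commands a REQUIRED listener still answers before TLS is negotiated
ALLOWED_BEFORE_TLS = {"NOOP", "EHLO", "QUIT", "STARTTLS"}


class ListenerSession:
    """One inbound SMTP conversation against a listener with a TLS setting."""

    def __init__(self, setting: TlsSetting):
        self.setting = setting
        self.tls_active = False
        self.closed = False

    def handle(self, line: str) -> str:
        """Return the server reply for one client command line."""
        verb = line.split(" ", 1)[0].upper()

        if verb == "QUIT":
            self.closed = True
            return "221 2.0.0 closing connection"

        if verb == "EHLO":
            reply = ["250-listener.example.invalid"]  # constructed hostname
            # STARTTLS is advertised only when the setting allows it and
            # TLS has not already been negotiated on this connection.
            if self.setting is not TlsSetting.NONE and not self.tls_active:
                reply.append("250-STARTTLS")
            reply.append("250 8BITMIME")
            return "\r\n".join(reply)

        if verb == "STARTTLS":
            if self.setting is TlsSetting.NONE:
                return "502 5.5.1 STARTTLS not offered on this listener"
            if self.tls_active:
                return "503 5.5.1 TLS already active"
            # A real server would now run the TLS handshake on the socket;
            # flipping the state is all the policy logic needs here.
            self.tls_active = True
            return "220 2.0.0 Ready to start TLS"

        if verb == "NOOP":
            return "250 2.0.0 OK"

        # Every other command (MAIL FROM, RCPT TO, DATA, ...) is gated here:
        # a REQUIRED listener refuses them until STARTTLS has been received.
        if self.setting is TlsSetting.REQUIRED and not self.tls_active:
            return "530 5.7.0 Must issue a STARTTLS command first"
        return "250 2.0.0 OK"


def run_script(setting: TlsSetting, commands):
    """Feed a list of client commands to a fresh session; return the replies."""
    session = ListenerSession(setting)
    replies = []
    for cmd in commands:
        if session.closed:
            break
        replies.append(session.handle(cmd))
    return replies


# Constructed client scripts: a sender that never negotiates TLS, and one that does.
PLAINTEXT_SENDER = ["EHLO sender.example.invalid",
                    "MAIL FROM:<a@example.invalid>",
                    "RCPT TO:<b@example.invalid>",
                    "QUIT"]
TLS_SENDER = ["EHLO sender.example.invalid",
              "STARTTLS",
              "EHLO sender.example.invalid",
              "MAIL FROM:<a@example.invalid>",
              "QUIT"]


if __name__ == "__main__":
    for setting in TlsSetting:
        print(f"--- setting={setting.value}, plaintext sender")
        for cmd, reply in zip(PLAINTEXT_SENDER, run_script(setting, PLAINTEXT_SENDER)):
            print(f"C: {cmd}\nS: {reply}")
```

Running the script prints the same plaintext session against each setting; only the Required listener turns MAIL FROM and RCPT TO into 530 errors, which is the refusal the table describes, while Preferred accepts the plaintext mail and None never offers STARTTLS at all.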
Enable TLS on a HAT Mail Flow Policy for a Listener via the Graphical User Interface (GUI)
Complete these steps:
1. From the Mail Flow Policies page, choose a listener whose policies 
you want to modify and then click the link for the name of the policy 
to edit. (You can also edit the Default Policy Parameters.) The Edit 
Mail Flow Policy page is displayed.
How-To Secure Communications - Setting Up Transport Layer Security (TLS)
Cisco Public