Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
23-8
Cisco AsyncOS 9.1 for Email User Guide
Chapter 23 Encrypting Communication with Other MTAs
Enabling TLS on a Listener’s HAT
Assigning a Certificate to a Public or Private Listener for TLS Connections
Using the CLI
Using the CLI
Procedure
Step 1
Use the
listenerconfig -> edit
command to choose a listener you want to configure.
Step 2
Use the
certificate
command to see the available certificates.
Step 3
Choose the certificate you want to assign to the listener when prompted.
Step 4
When you are finished configuring the listener, issue the
commit
command to enable the change.
Logging
The Email Security appliance will note in the mail logs instances when TLS is required but could not be
used by the listener. The mail logs will be updated when the following conditions are met:
used by the listener. The mail logs will be updated when the following conditions are met:
•
TLS is set to “required” for a listener.
•
The Email Security appliance has sent a “Must issue a STARTTLS command first” command.
•
The connection is closed without having received any successful recipients.
Information on why the TLS connection failed will be included in the mail logs.
GUI Example: Changing the TLS Setting for Listener’s HAT
Procedure
Step 1
Navigate to the Mail Policies > Mail Flow Policies page.
Step 2
Choose a listener whose policies you want to modify, and then click the link for the name of policy to
edit. (You can also edit the Default Policy Parameters.)
edit. (You can also edit the Default Policy Parameters.)
Step 3
In the “Encryption and Authentication” section, for the “TLS:” field, choose the level of TLS you want
for the listener.
for the listener.
Figure 23-3
Requiring TLS in a Listener’s Mail Flow Policy Parameters
Step 4
Submit and commit your changes.
The mail flow policy for the listener is updated with the TLS setting you chose.