Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
24-54
Cisco AsyncOS 8.5 for Email User Guide
Chapter 24 Authenticating SMTP Sessions Using Client Certificates
Updating a List of Revoked Certificates
•
Require SMTP Authentication
•
Require TLS to Offer SMTP Authentication
Updating a List of Revoked Certificates
The Email Security appliance checks a list of revoked certificates (called a Certificate Revocation List)
as part of its certificate verification to make sure that the user’s certificate hasn’t been revoked. You keep
an up-to-date version of this list on a server and the Email Security appliance downloads it on a schedule
that you create.
as part of its certificate verification to make sure that the user’s certificate hasn’t been revoked. You keep
an up-to-date version of this list on a server and the Email Security appliance downloads it on a schedule
that you create.
Procedure
Step 1
Go to Network > CRL Sources.
Step 2
Enable CRL checking for SMTP TLS connections:
a.
Click Edit Settings under Global Settings.
b.
Select the checkbox for CRL check for inbound SMTP TLS.
c.
(Optional) Select the checkbox for CRL check for inbound SMTP TLS.
d.
Submit your change.
Step 3
Click Add CRL Source.
Step 4
Enter a name for the CRL source.
Step 5
Select the file type. This can be either ASN.1 or PEM.
Step 6
Enter the URL for the primary source for the file, including the filename. For example,
https://crl.example.com/certs.crl
Step 7
Optionally, enter the URL for a secondary source in case the appliance cannot contact the primary
source.
source.
Step 8
Specify a schedule for downloading the CRL source.
Step 9
Enable the CRL source.
Step 10
Submit and commit your changes.