Cisco Email Security Appliance C190 User Guide
Chapter 2 Customizing Listeners
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Step 4 Issue the commit command to enable the change.
Enabling TLS and Certificate Verification on Delivery
You can require that TLS is enabled for email delivery to specific domains using the Destination Controls page or the destconfig command.
In addition to TLS, you can require that the domain’s server certificate is verified. This domain verification is based on a digital certificate used to establish the domain’s credentials. The validation process involves two validation requirements:
• The chain of issuer certificates for the SMTP session ends in a certificate issued by a trusted certificate authority (CA).
• The Common Name (CN) listed on the certificate matches either the receiving machine's DNS name or the message's destination domain.
  - or -
  The message's destination domain matches one of the DNS names in the certificate's Subject Alternative Name (subjectAltName) extension, as described in RFC 2459. The matching supports wildcards as described in section 3.1 of RFC 2818.
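The name-matching requirement above, as an added Python example that is not code from the Cisco guide or from AsyncOS. The function names, the dictionary layout used for a certificate, and the choice to apply wildcard matching to the CN as well as to subjectAltName are assumptions; validation of the issuer chain against a trusted CA is not covered here.

```python
import re

def _label_matches(pattern: str, label: str) -> bool:
    # '*' stands for any run of characters inside ONE label, so it can
    # never swallow a dot (RFC 2818 section 3.1: f*.com matches foo.com).
    regex = "[^.]*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, label) is not None

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare a certificate name (possibly with '*') to a DNS name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Same number of labels: *.a.com matches foo.a.com, not bar.foo.a.com.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    return all(_label_matches(p, h) for p, h in zip(p_labels, h_labels))

def identity_verified(cert: dict, receiving_host: str, dest_domain: str) -> bool:
    """Second validation requirement: CN or subjectAltName must match."""
    cn = cert.get("cn")
    # CN may match the receiving machine's DNS name or the destination domain.
    if cn and any(dns_name_matches(cn, n) for n in (receiving_host, dest_domain)):
        return True
    # subjectAltName DNS names are compared to the destination domain only.
    return any(dns_name_matches(san, dest_domain) for san in cert.get("san_dns", []))

# Constructed sample certificates (not taken from any real server).
CERT_BY_CN = {"cn": "mx1.mailhost.example", "san_dns": []}
CERT_BY_SAN = {"cn": "gateway.invalid", "san_dns": ["*.example.org"]}

if __name__ == "__main__":
    print(identity_verified(CERT_BY_CN, "mx1.mailhost.example", "example.org"))
    print(identity_verified(CERT_BY_SAN, "mx1.mailhost.example", "mail.example.org"))
    print(identity_verified(CERT_BY_SAN, "mx1.mailhost.example", "example.org"))
```

The last call shows a common cause of delivery failures under required verification: a certificate carrying only `*.example.org` does not cover the bare domain `example.org`.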
A trusted CA is a third-party organization or company that issues digital certificates used to verify identity and distributes public keys. This provides an additional level of assurance that the certificate is issued by a valid and trusted identity.
You can configure your IronPort appliance to send messages to a domain over a TLS connection as an alternative to envelope encryption. See the “IronPort Email Encryption” chapter in the Cisco IronPort AsyncOS for Email Configuration Guide for more information.
Domain map: disabled
TLS: Required