Cisco Email Security Appliance X1050 User Guide
Chapter 2 Customizing Listeners
2-52
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Encrypting SMTP Conversations Using TLS
Enterprise Gateways (or Message Transfer Agents, i.e. MTAs) normally
communicate “in the clear” over the Internet. That is, the communications are not
encrypted. In several scenarios, malicious agents can intercept this
communication without the knowledge of the sender or the receiver.
Communications can be monitored and even altered by a third party.
Transport Layer Security (TLS) is an improved version of the Secure Socket
Layer (SSL) technology. It is a widely used mechanism for encrypting SMTP
conversations over the Internet. AsyncOS supports the STARTTLS extension to
SMTP (Secure SMTP over TLS), described in RFC 3207 (which obsoletes RFC
2487).
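As an added, constructed illustration of the RFC 3207 exchange described above (not code from this guide or from AsyncOS): the client side of a STARTTLS upgrade run against an in-memory scripted peer, showing the EHLO that must be re-issued after the upgrade and the difference between requiring TLS and merely preferring it. The hostnames and server replies are assumed.

```python
"""Minimal RFC 3207 STARTTLS client logic, driven against a scripted
in-memory SMTP peer so the whole exchange runs offline."""


class ScriptedPeer:
    """Constructed stand-in for a remote MTA; may or may not offer STARTTLS."""

    def __init__(self, offers_starttls):
        self.offers_starttls = offers_starttls
        self.tls_active = False
        self.received = []  # (command, was_encrypted) pairs, for inspection

    def send(self, line):
        self.received.append((line, self.tls_active))
        verb = line.split()[0].upper()
        if verb == "EHLO":
            reply = ["250-mta.example.com"]  # constructed hostname
            # RFC 3207: STARTTLS is not advertised once TLS is already active
            if self.offers_starttls and not self.tls_active:
                reply.append("250-STARTTLS")
            reply.append("250 8BITMIME")
            return "\r\n".join(reply)
        if verb == "STARTTLS":
            if not self.offers_starttls:
                return "454 TLS not available due to temporary reason"
            self.tls_active = True  # the TLS handshake would happen here
            return "220 Go ahead"
        return "221 Bye" if verb == "QUIT" else "250 OK"


def parse_ehlo(reply):
    """Return the set of extension keywords advertised in a multi-line EHLO reply."""
    lines = reply.split("\r\n")[1:]  # first line carries the server's name
    return {l[4:].split()[0].upper() for l in lines if l.startswith("250") and l[4:].strip()}


def open_session(peer, require_tls):
    """Client side: upgrade with STARTTLS, then re-issue EHLO as RFC 3207 requires.
    Returns the state in which the mail transaction would begin."""
    exts = parse_ehlo(peer.send("EHLO client.example.net"))  # constructed name
    if "STARTTLS" in exts and peer.send("STARTTLS").startswith("220"):
        # Everything learned before the upgrade must be discarded; ask again over TLS
        exts = parse_ehlo(peer.send("EHLO client.example.net"))
    if require_tls and not peer.tls_active:
        peer.send("QUIT")  # a "required" policy never falls back to cleartext
        return "refused: peer does not offer STARTTLS"
    return "encrypted" if peer.tls_active else "cleartext"
```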
The TLS implementation in AsyncOS provides privacy through encryption. It
allows you to import an X.509 certificate and private key from a certificate
authority service or create a self-signed certificate to use on the appliance.
AsyncOS supports separate TLS certificates for public and private listeners,
HTTPS management access on an interface, the LDAP interface, and all outgoing
TLS connections.
If you have an Email Security appliance with a FIPS-compliant Hardware
Security Module (HSM) card, the FIPS Officer must generate or upload certificate
and key pairs using the FIPS Management page or the fipsconfig CLI command.
Certificates are stored on the appliance and the private keys are stored on the HSM
card. For more information on managing certificates and keys, see
To successfully configure TLS on the IronPort appliance, follow these steps:
Step 1 Obtain certificates.
Step 2 Install certificates on the IronPort appliance.
Step 3 Enable TLS on the system for receiving, delivery, or both.