Cisco Email Security Appliance C650 User Guide
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 27
Authenticating SMTP Sessions Using Client Certificates
Overview of Certificates and SMTP Authentication
The Email Security appliance supports the use of client certificates to authenticate SMTP sessions
between the Email Security appliance and users’ mail clients. The Email Security appliance can request
a client certificate from a user’s mail client when the application attempts to connect to the appliance to
send messages. When the appliance receives the client certificate, it verifies that the certificate is valid,
has not expired, and has not been revoked. If the certificate is valid, the Email Security appliance allows
an SMTP connection from the mail application over TLS.
Organizations that require their users to use a Common Access Card (CAC) for their mail clients can use
this feature to configure the Email Security appliance to request a certificate that the CAC and
ActivClient middleware application will provide to the appliance.
You can configure the Email Security appliance to require users to provide a certificate when sending
mail, but still allow exceptions for certain users. For these users, you can configure the appliance to use
the SMTP authentication LDAP query to authenticate the user.
Users must configure their mail client to send messages through a secure connection (TLS) and accept
a server certificate from the appliance.
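The mail client's side of the exchange described above, as an added example that is not from the Cisco guide: it validates the appliance's server certificate and presents a client certificate during STARTTLS. The host name, port, addresses and file paths are hypothetical placeholders, and it assumes a file-based PEM key pair rather than a CAC, whose key stays on the card behind the middleware.

```python
import smtplib
import ssl
from email.message import EmailMessage


def build_client_context(ca_file=None, cert_file=None, key_file=None):
    """Verify the server certificate; present a client certificate if given."""
    # create_default_context() sets CERT_REQUIRED and hostname checking, so
    # the client only accepts a server certificate it can actually validate.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        # Assumption: file-based PEM key pair (not a smart-card-held key).
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def build_message(sender, recipient, subject, body):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(body)
    return msg


def send_with_client_cert(host, port, ctx, msg):
    """Send msg only after STARTTLS succeeds; returns refused recipients."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered; refusing to send in clear")
        # The client certificate is sent in this handshake if the server
        # requests one; a rejected certificate typically surfaces as an
        # ssl.SSLError or a dropped connection.
        smtp.starttls(context=ctx)
        smtp.ehlo()  # capabilities must be re-read over the TLS channel
        return smtp.send_message(msg)


if __name__ == "__main__":
    # Hypothetical values: pass ca_file/cert_file/key_file and a real host.
    ctx = build_client_context()
    msg = build_message("user@example.com", "peer@example.com", "test", "hello")
    print(ctx.verify_mode, ctx.check_hostname, msg["Subject"])
    # send_with_client_cert("esa.example.com", 587, ctx, msg)
```

A handshake failure here separates a certificate problem (untrusted issuer, expired or revoked certificate) from an SMTP-level rejection, which would arrive as an SMTP reply code instead.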