Cisco Email Security Appliance X1050 User Guide
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 27 Authenticating SMTP Sessions Using Client Certificates
Checking the Validity of a Client Certificate
The Certificate Authentication LDAP query checks the validity of a client certificate in order to
authenticate an SMTP session between the user’s mail client and the Email Security appliance. When
creating this query, you select a list of certificate fields for authentication, specify the User ID attribute
(the default is uid), and enter the query string.
For example, a query string that searches for the certificate’s common name and serial number may look
like (&(objectClass=posixAccount)(caccn={cn})(cacserial={sn})). After you have created the
query, you can use it in a Certificate SMTP Authentication Profile. This LDAP query supports
OpenLDAP, Active Directory, and Oracle Directory.
See
for more information on configuring LDAP servers.
Procedure
Step 1  Select System Administration > LDAP.
Step 2  Create a new LDAP profile. See for more information.
Step 3  Check the Certificate Authentication Query checkbox.
Step 4  Enter the query name.
Step 5  Enter the query string to authenticate the user’s certificate. For example, (&(objectClass=user)(cn={cn})).
Step 6  Enter the user ID attribute, such as sAMAccountName.
Step 7  Submit and commit your changes.
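The following Python sketch is an added example, not Cisco code and not part of the original guide. It checks a query string for syntax slips (unbalanced parentheses, a missing comparison operator) before it is entered in Step 5, and shows the RFC 4515 escaping that certificate field values need when they replace {cn} and {sn}. How the appliance itself expands the tokens is not described on this page; the substitution model, the function names and the sample certificate fields are assumptions.

```python
import re

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Query string of the form shown in the text; {cn} and {sn} are its tokens.
TEMPLATE = "(&(objectClass=posixAccount)(caccn={cn})(cacserial={sn}))"


def escape_value(value):
    """Escape one certificate field so the directory reads it as a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return the syntax problems found in a query string (empty list if none)."""
    problems = []
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" with no matching "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # Each innermost item must read attribute, comparison operator, value.
    for item in re.findall(r"\(([^()&|!][^()]*)\)", template):
        if not re.match(r"[A-Za-z][A-Za-z0-9.;-]*(~=|>=|<=|=)", item):
            problems.append(f"no comparison operator in ({item})")
    return problems


def render_query(template, cert_fields):
    """Substitute escaped certificate fields into a checked query string."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return re.sub(r"\{(\w+)\}",
                  lambda m: escape_value(cert_fields[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed certificate fields, not taken from a real certificate.
    print(render_query(TEMPLATE, {"cn": "Alice Example", "sn": "0A1B2C"}))
    print(render_query(TEMPLATE, {"cn": "Ops (EMEA)*", "sn": "0A1B2D"}))
    print(check_template("(&(objectClass-posixAccount)(caccn={cn})"))
```

The rendered filter can be run in a directory search tool to confirm it matches exactly one entry before the query is saved.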
Table 27-3  How to Authenticate a User with a Client Certificate or an LDAP SMTP Authentication Query
Do This | More Info
Step 3  Create a certificate-based SMTP authentication profile
Step 4  Create an LDAP SMTP authentication profile.
Step 5  Configure a listener to use the certificate SMTP authentication profile.
Step 6  1. Modify the RELAYED mail flow policy to use the following settings:
        • TLS Preferred
        • SMTP authentication required
        • Require TLS for SMTP authentication