Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 9.5 for Email User Guide
 
Chapter 24      Encrypting Communication with Other MTAs
Working with Certificates
To use TLS, the Email Security appliance must have an X.509 certificate and matching private key for 
receiving and delivery. You may use the same certificate for both SMTP receiving and delivery and 
different certificates for HTTPS services on an interface, the LDAP interface, and all outgoing TLS 
connections to destination domains, or use one certificate for all of them.
You can view the entire list of certificates on the Network > Certificates page in the web interface and 
in the CLI by using the print command after you configure the certificates using certconfig. Note that 
the print command does not display intermediate certificates.
Caution
Your appliance ships with a demonstration certificate to test the TLS and HTTPS functionality, but 
enabling either service with the demonstration certificate is not secure and is not recommended for 
general use. When you enable either service with the default demonstration certificate, a warning 
message is printed in the CLI. 
Table 24-1 How to Encrypt SMTP Conversations using TLS

| Step | Do This | More Info |
|---|---|---|
| Step 1 | Obtain an X.509 certificate and private key from a recognized certificate authority. | |
| Step 2 | Install the certificate on the Email Security appliance | Install a certificate by either: |
| Step 3 | Enable TLS for receiving messages, delivering messages, or both | |
| Step 4 | (Optional) Customize the list of trusted certificate authorities that the appliance uses to verify a certificate from a remote domain to establish the domain’s credentials. | |
| Step 5 | (Optional) Configure the Email Security appliance to send an alert when it’s unable to deliver messages to a domain that requires a TLS connection. | |
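
A pre-install check for Steps 1 and 2 and for the requirement in Working with Certificates that the certificate have a matching private key, written as an added example that is not part of the Cisco guide. It runs on an administrator's workstation with the openssl command-line tool, not on the appliance; the function names, file names and the 30-day expiry threshold are assumptions.

```shell
# Added example: checks to run on a workstation before installing a certificate.
# Requires the openssl CLI. All file and function names here are hypothetical.

# True only if the certificate and the private key share one public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True if issuer and subject names hash the same (self-issued, no external CA).
cert_is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)" ]
}

# Prints one line per problem; the return status is the number of problems.
preflight_cert() {
    problems=0
    if ! cert_matches_key "$1" "$2"; then
        echo "FAIL: private key does not match certificate"
        problems=$((problems + 1))
    fi
    if cert_is_self_issued "$1"; then
        echo "FAIL: self-issued, not from a certificate authority"
        problems=$((problems + 1))
    fi
    if ! openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: expires within 30 days (or is unreadable)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample input: a throwaway self-issued certificate with its key,
# plus an unrelated key, written into directory $1.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
rc=0; preflight_cert "$demo_dir/cert.pem" "$demo_dir/other.pem" || rc=$?
echo "problems found: $rc"
rm -rf "$demo_dir"
```

The demo pairs the constructed certificate with the unrelated key, so it reports both the key mismatch and the self-issued certificate.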