Cisco Cisco Email Security Appliance C160 Mode D'Emploi
21-8
Cisco AsyncOS 8.5 for Email User Guide
Chapter 21 Encrypting Communication with Other MTAs
Enabling TLS on a Listener’s HAT
The mail flow policy for the listener is updated with the TLS setting you chose.
CLI Example: Changing the TLS Setting for Listener’s HAT
Procedure
Step 1
Use the
listenerconfig -> edit
command to choose a listener you want to configure.
Step 2
Use the
hostaccess -> default
command to edit the listener’s default HAT settings.
Step 3
Change the TLS setting by entering one of the following choices when you are prompted with the
following questions:
following questions:
Note that this example asks you to use the
certconfig
command to ensure that there is a valid certificate
that can be used with the listener. If you have not created any certificates, the listener uses the
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for general
use. Use the
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for general
use. Use the
listenerconfig -> edit -> certificate
command to assign a certificate to the listener.
Once you have configured TLS, the setting will be reflected in the summary of the listener in the CLI:
Do you want to allow encrypted TLS connections?
1. No
2. Preferred
3. Required
[1]> 3
You have chosen to enable TLS. Please use the 'certconfig' command to
ensure that there is a valid certificate configured.
Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required