Cisco Cisco Email Security Appliance C160 Mode D'Emploi
20-7
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 20 Encrypting Communication with Other MTAs
Enabling TLS on a Listener’s HAT
Step 4
Submit and commit your changes.
Assigning a Certificate to a Public or Private Listener for TLS Connections
Using the CLI
Using the CLI
Procedure
Step 1
Use the
listenerconfig -> edit
command to choose a listener you want to configure.
Step 2
Use the
certificate
command to see the available certificates.
Step 3
Choose the certificate you want to assign to the listener when prompted.
Step 4
When you are finished configuring the listener, issue the
commit
command to enable the change.
Logging
The Cisco appliance will note in the mail logs instances when TLS is required but could not be used by
the listener. The mail logs will be updated when the following conditions are met:
the listener. The mail logs will be updated when the following conditions are met:
•
TLS is set to “required” for a listener.
•
The Cisco appliance has sent a “Must issue a STARTTLS command first” command.
•
The connection is closed without having received any successful recipients.
Information on why the TLS connection failed will be included in the mail logs.
GUI Example: Changing the TLS Setting for Listener’s HAT
Procedure
Step 1
Navigate to the Mail Policies > Mail Flow Policies page.
Step 2
Choose a listener whose policies you want to modify, and then click the link for the name of policy to
edit. (You can also edit the Default Policy Parameters.)
edit. (You can also edit the Default Policy Parameters.)
Step 3
In the “Encryption and Authentication” section, for the “TLS:” field, choose the level of TLS you want
for the listener.
for the listener.
Figure 20-3
Requiring TLS in a Listener’s Mail Flow Policy Parameters
Step 4
Submit and commit your changes.