Cisco Email Security Appliance C690 User Guide
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 20 Encrypting Communication with Other MTAs
How to Encrypt SMTP Conversations using TLS
Obtaining Certificates
To use TLS, the Cisco appliance must have an X.509 certificate and matching private key for receiving
and delivery. You may use the same certificate for both SMTP receiving and delivery and different
certificates for HTTPS services on an interface, the LDAP interface, and all outgoing TLS connections
to destination domains, or use one certificate for all of them.
You may purchase certificates and private keys from a recognized certificate authority service. A
certificate authority is a third-party organization or company that issues digital certificates used to verify
identity and distributes public keys. This provides an additional level of assurance that the certificate is
issued by a valid and trusted identity. Cisco does not recommend one service over another.
The Cisco appliance can create a self-signed certificate for your own use and generate a Certificate
Signing Request (CSR) to submit to a certificate authority to obtain the public certificate. The certificate
authority will return a trusted public certificate signed by a private key. Use the Network > Certificates
page in the GUI or the certconfig command in the CLI to create the self-signed certificate, generate the
CSR, and install the trusted public certificate.
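Before installing the certificate that a certificate authority returns, it is worth confirming that it carries the same public key as the CSR that was submitted and, where the key was created off the appliance, as the private key. The shell functions below are an added example, not part of the Cisco guide: they use the OpenSSL command-line tool on a workstation, and the file names and the helpers pubkey_of, same_pubkey and make_demo are assumptions made for illustration (the demo's self-signed certificate stands in for a CA-issued one, and keys are assumed to be unencrypted PEM).

```shell
#!/bin/sh
# Added example (not from the Cisco guide): compare the public key carried by
# a certificate, a CSR and a private key before installing them.

# Print the PEM public key of a file. $1 = cert | csr | key, $2 = PEM file.
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Return 0 only if both files parse and carry the same public key.
# Usage: same_pubkey cert cert.pem key key.pem
same_pubkey() {
    a=$(pubkey_of "$1" "$2") || return 2   # unreadable or malformed input
    b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample material written to directory $1: a key, a self-signed
# certificate and a CSR for that key, plus an unrelated second key.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl req -new -key "$1/key.pem" -subj "/CN=mail.example.com" \
        -out "$1/csr.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.pem" 2>/dev/null
}
```

A non-zero result from same_pubkey means the pair must not be installed together: status 1 is a key mismatch, status 2 means one of the files could not be parsed.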
If you are acquiring or creating a certificate for the first time, search the Internet for “certificate authority
services SSL Server Certificates,” and choose the service that best meets the needs of your organization.
Follow the service’s instructions for obtaining a certificate.
You can view the entire list of certificates on the Network > Certificates page in the GUI and in the CLI
by using the print command after you configure the certificates using certconfig. Note that the print
command does not display intermediate certificates.
Table 20-1 How to Encrypt SMTP Conversations using TLS

| Step | Do This | More Info |
|---|---|---|
| Step 1 | Obtain an X.509 certificate and private key from a recognized certificate authority. | |
| Step 2 | Install the certificate on the Email Security appliance. | Install a certificate by either: |
| Step 3 | Enable TLS for receiving messages, delivering messages, or both. | |
| Step 4 | (Optional) Customize the list of trusted certificate authorities that the appliance uses to verify a certificate from a remote domain to establish the domain’s credentials. | |
| Step 5 | (Optional) Configure the Email Security appliance to send an alert when it’s unable to deliver messages to a domain that requires a TLS connection. | |