Cisco Email Security Appliance C160 User Manual
Chapter 1      Customizing Listeners
1-32
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Encrypting SMTP Conversations Using TLS
Enterprise gateways (Message Transfer Agents, or MTAs) normally 
communicate "in the clear" over the Internet; that is, the SMTP session is not 
encrypted. In several scenarios a malicious agent on the path can intercept 
that traffic without the knowledge of the sender or the receiver, so the 
conversation can be monitored and even altered by a third party.
Transport Layer Security (TLS) is the successor to the Secure Sockets 
Layer (SSL) protocol and is the widely used mechanism for encrypting SMTP 
conversations over the Internet. AsyncOS supports the STARTTLS extension to 
SMTP (Secure SMTP over TLS), described in RFC 3207 (which obsoletes RFC 
2487). With STARTTLS the session begins in the clear and is upgraded to TLS 
only after the server advertises the capability in its EHLO reply.
The TLS implementation in AsyncOS provides confidentiality through encryption. It 
allows you to import an X.509 certificate and its private key obtained from a 
certificate authority, or to create a self-signed certificate to use on the appliance. 
AsyncOS supports separate TLS certificates for public and private listeners, 
secure HTTP (HTTPS) management access on an interface, the LDAP interface, 
and all outgoing TLS connections.
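The STARTTLS exchange described above, modelled on the client side as an added example (this code is not from the AsyncOS guide and not Cisco's implementation). The SMTP replies are constructed transcripts, the host name mail.example.com is an assumption, and the `require_tls` flag is a hypothetical policy switch standing in for a "preferred" versus "required" TLS setting. The stripped EHLO reply shows the downgrade that is possible precisely because the capability is advertised in the clear:

```python
"""Client-side RFC 3207 STARTTLS negotiation, modelled offline.

Added example, not part of the AsyncOS guide. The replies below are
constructed transcripts; mail.example.com is an assumed host name.
"""
import re

# Constructed EHLO reply from a server that advertises STARTTLS.
EHLO_REPLY_WITH_STARTTLS = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)

# The same reply after an on-path attacker has removed the STARTTLS line.
# EHLO is exchanged before any encryption, so this is trivially possible.
EHLO_REPLY_STRIPPED = EHLO_REPLY_WITH_STARTTLS.replace("250-STARTTLS\r\n", "")

# Constructed replies to the STARTTLS command (RFC 3207 section 4).
STARTTLS_OK = "220 2.0.0 Ready to start TLS\r\n"
STARTTLS_UNAVAILABLE = "454 4.7.0 TLS not available due to temporary reason\r\n"

# RFC 5321 reply line: 3-digit code, then '-' (continuation) or ' ' (final line).
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_reply(raw):
    """Split a possibly multi-line SMTP reply into (code, [text lines])."""
    code = None
    texts = []
    for line in raw.splitlines():
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError("malformed reply line: %r" % line)
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("inconsistent reply codes in %r" % raw)
        texts.append(m.group(3))
        if m.group(2) == " ":  # final line of the reply
            break
    else:
        raise ValueError("reply has no final line: %r" % raw)
    return code, texts


def ehlo_keywords(ehlo_reply):
    """Return the EHLO keywords advertised (first line is the greeting)."""
    code, texts = parse_reply(ehlo_reply)
    if code != 250:
        raise ValueError("EHLO rejected with %d" % code)
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}


def negotiate_starttls(ehlo_reply, starttls_reply, require_tls):
    """Decide how the client proceeds after EHLO and STARTTLS.

    Returns one of:
      "tls"       - STARTTLS advertised and accepted (220): start handshake
      "plaintext" - TLS not obtainable; continue in the clear (opportunistic)
      "abort"     - TLS required but not obtainable: refuse to send
    """
    if "STARTTLS" not in ehlo_keywords(ehlo_reply):
        return "abort" if require_tls else "plaintext"
    code, _ = parse_reply(starttls_reply)
    if code == 220:
        # The client now runs the TLS handshake on the same socket and,
        # per RFC 3207, must discard the earlier EHLO data and re-issue EHLO.
        return "tls"
    return "abort" if require_tls else "plaintext"


if __name__ == "__main__":
    for label, ehlo, tls_reply in [
        ("honest server", EHLO_REPLY_WITH_STARTTLS, STARTTLS_OK),
        ("stripped EHLO", EHLO_REPLY_STRIPPED, STARTTLS_OK),
        ("454 on STARTTLS", EHLO_REPLY_WITH_STARTTLS, STARTTLS_UNAVAILABLE),
    ]:
        for required in (False, True):
            print("%-16s require_tls=%-5s -> %s" % (
                label, required, negotiate_starttls(ehlo, tls_reply, required)))
```

The "stripped EHLO" case is the practical point: with an opportunistic (preferred) setting the client silently falls back to plaintext and the attacker reads the message, whereas a required setting aborts delivery instead. Only the required mode, combined with verifying the peer certificate after the handshake, turns STARTTLS into a guarantee rather than a best effort.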
To successfully configure TLS on the IronPort appliance, follow these steps:
Step 1  Obtain certificates.
Step 2  Install the certificates on the IronPort appliance.
Step 3  Enable TLS on the system for receiving, delivery, or both.
Obtaining Certificates
To use TLS, the IronPort appliance must have an X.509 certificate and the matching 
private key for receiving and for delivery. You may use one certificate for both 
SMTP receiving and delivery, and separate certificates for the HTTPS service on an 
interface, the LDAP interface, and outgoing TLS connections to destination 
domains; alternatively, a single certificate can serve all of these purposes.