Cisco Email Security Appliance C160 User Guide

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 27      Authenticating SMTP Sessions Using Client Certificates
Checking the Validity of a Client Certificate
The Certificate Authentication LDAP query checks the validity of a client certificate in order to authenticate an SMTP session between the user’s mail client and the Email Security appliance. When creating this query, you select a list of certificate fields for authentication, specify the User ID attribute (the default is uid), and enter the query string.

For example, a query string that searches for the certificate’s common name and serial number may look like (&(objectClass=posixAccount)(caccn={cn})(cacserial={sn})). After you have created the query, you can use it in a Certificate SMTP Authentication Profile. This LDAP query supports OpenLDAP, Active Directory, and Oracle Directory.
See 
 for more information on configuring LDAP servers.
Procedure

Step 1  Select System Administration > LDAP.
Step 2  Create a new LDAP profile. See  for more information.
Step 3  Check the Certificate Authentication Query checkbox.
Step 4  Enter the query name.
Step 5  Enter the query string to authenticate the user’s certificate. For example, (&(objectClass=user)(cn={cn})).
Step 6  Enter the user ID attribute, such as sAMAccountName.
Step 7  Submit and commit your changes.
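
An offline check for the query string entered in the procedure above, added here as an example and not taken from Cisco's documentation or code. It assumes that {cn}-style tokens stand for certificate field values and applies RFC 4515 escaping to them; the function names are hypothetical and the sample values are constructed.

```python
import re

# RFC 4515 escapes for characters that would change a filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Leaf items of the form attr=value (also ~=, >=, <=); extensible matches are
# outside the scope of this check.
_LEAF = re.compile(r"[A-Za-z][\w.;-]*(=|~=|>=|<=).*")


def escape_value(value):
    """Escape one certificate field for use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_query_string(template):
    """Raise ValueError if the query string is not a well-formed filter."""
    template = template.strip()
    if not template:
        raise ValueError("empty query string")
    depth = 0
    for i, ch in enumerate(template):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(template) - 1):
                raise ValueError(f"unbalanced ')' at offset {i}")
        elif depth == 0:
            raise ValueError(f"text outside parentheses at offset {i}")
    if depth:
        raise ValueError(f"{depth} unclosed '(' in query string")
    for leaf in re.findall(r"\(([^()]*)\)", template):
        if not _LEAF.fullmatch(leaf):
            raise ValueError(f"item without a comparison operator: ({leaf})")


def render_query(template, cert_fields):
    """Fill {token} placeholders with escaped certificate field values."""
    check_query_string(template)

    def fill(match):
        name = match.group(1)
        if name not in cert_fields:
            raise ValueError(f"no certificate field supplied for {{{name}}}")
        return escape_value(cert_fields[name])

    return re.sub(r"\{(\w+)\}", fill, template)


if __name__ == "__main__":  # constructed certificate values, not real data
    print(render_query("(&(objectClass=user)(cn={cn}))", {"cn": "Alice Example"}))
```

Running the rendered filter against the directory with an LDAP search tool before committing the profile shows whether it matches exactly one user entry.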

Table 27-3  How to Authenticate a User with a Client Certificate or an LDAP SMTP Authentication Query

        Do This                                                          More Info
Step 3  Create a certificate-based SMTP authentication profile.
Step 4  Create an LDAP SMTP authentication profile.
Step 5  Configure a listener to use the certificate SMTP authentication profile.
Step 6  Modify the RELAYED mail flow policy to use the following settings:
          TLS Preferred
          SMTP authentication required
          Require TLS for SMTP authentication