Cisco Cisco Email Security Appliance C190 Guida Utente
1-11
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 1 FIPS Management
When the certificate authority returns the trusted public certificate signed by a
private key, upload it by clicking on the certificate’s name on the FIPS
Management page and entering the path to the file on your local machine or
network. Make sure that the trusted public certificate that you receive is in PEM
format or a format that you can convert to PEM using before uploading to the
appliance. Uploading the certificate from the certificate authority overwrites the
existing certificate.
private key, upload it by clicking on the certificate’s name on the FIPS
Management page and entering the path to the file on your local machine or
network. Make sure that the trusted public certificate that you receive is in PEM
format or a format that you can convert to PEM using before uploading to the
appliance. Uploading the certificate from the certificate authority overwrites the
existing certificate.
For more information on obtaining certificates to use on the appliance, including
how to import certificates and keys from a certificate authority, see
how to import certificates and keys from a certificate authority, see
.
After you have added a certificate to your appliance, you can use it with any of
the following services:
the following services:
•
SMTP receiving and delivery. Use the Network > Listeners page (or the
listenerconfig -> edit -> certificate
CLI command) to assign the
certificate to any listeners that require encryption using TLS. You may want
to only enable TLS on listeners facing the Internet (that is, public listeners),
or you may want to enable encryption for all listeners, including internal
systems (that is, private listeners). For more information, see
to only enable TLS on listeners facing the Internet (that is, public listeners),
or you may want to enable encryption for all listeners, including internal
systems (that is, private listeners). For more information, see
•
Destination controls. Use the Mail Policies > Destination Controls page (or
the
the
destconfig
CLI command) to assign the certificate as a global setting to
for all outgoing TLS connections for email delivery. For information on using
the certificate for all outgoing TLS connections, see
the certificate for all outgoing TLS connections, see
•
Interfaces. Use the Network > IP Interfaces page (or the
interfaceconfig
CLI command) to enable the certificate for HTTPS services on an interface,
including the management interface. For information on using the certificate
for HTTPS services on an interface, see
including the management interface. For information on using the certificate
for HTTPS services on an interface, see
.
•
LDAP. Use the System Administration > LDAP page to assign the certificate
for all LDAP traffic that requires TLS connections. The appliance can also
use LDAP for external authentication of users. For information, see
for all LDAP traffic that requires TLS connections. The appliance can also
use LDAP for external authentication of users. For information, see