Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 9.5 for Email User Guide
Chapter 24 Encrypting Communication with Other MTAs
Working with Certificates
To use TLS, the Email Security appliance must have an X.509 certificate and matching private key for
receiving and delivery. You may use the same certificate for both SMTP receiving and delivery and
different certificates for HTTPS services on an interface, the LDAP interface, and all outgoing TLS
connections to destination domains, or use one certificate for all of them.
You can view the entire list of certificates on the Network > Certificates page in the web interface and
in the CLI by using the print command after you configure the certificates using certconfig. Note that
the print command does not display intermediate certificates.
Caution
Your appliance ships with a demonstration certificate to test the TLS and HTTPS functionality, but
enabling either service with the demonstration certificate is not secure and is not recommended for
general use. When you enable either service with the default demonstration certificate, a warning
message is printed in the CLI.
Table 24-1 How to Encrypt SMTP Conversations using TLS

Step 1
Do This: Obtain an X.509 certificate and private key from a recognized certificate authority.

Step 2
Do This: Install the certificate on the Email Security appliance
More Info: Install a certificate by either:

Step 3
Do This: Enable TLS for receiving messages, delivering messages, or both

Step 4
Do This: (Optional) Customize the list of trusted certificate authorities that the appliance uses to verify a certificate from a remote domain to establish the domain’s credentials.

Step 5
Do This: (Optional) Configure the Email Security appliance to send an alert when it’s unable to deliver messages to a domain that requires a TLS connection.
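
Steps 1 and 2 call for a CA-issued certificate and its matching private key. The following added example (not from the Cisco guide, and not AsyncOS CLI commands) checks a PEM pair with OpenSSL on an administrator workstation before it is installed. The function names, the 30-day threshold and the host name mail.example.test are assumptions.

```shell
#!/bin/sh
# Added example: pre-install checks on a PEM certificate and private key,
# run with OpenSSL on a workstation. Assumes an unencrypted PEM private key.

# Succeeds only if the key's public half equals the certificate's public key.
key_matches_cert() {   # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if issuer name equals subject name, meaning the certificate was
# not issued by a separate certificate authority.
is_self_issued() {     # usage: is_self_issued CERT
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$iss" ]
}

# Succeeds if the certificate is still valid DAYS days from now.
valid_for_days() {     # usage: valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print one verdict line per check; return non-zero if any check fails.
check_pair() {         # usage: check_pair CERT KEY
    rc=0
    if key_matches_cert "$1" "$2"; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; rc=1; fi
    if is_self_issued "$1"; then echo "FAIL self-issued, not from a CA"; rc=1
    else echo "OK   issuer differs from subject"; fi
    if valid_for_days "$1" 30; then echo "OK   valid for at least 30 more days"
    else echo "FAIL expired or expires within 30 days"; rc=1; fi
    return "$rc"
}

# Constructed sample: a throwaway self-signed pair (90-day lifetime) that
# stands in for a certificate that must not be put into service.
make_sample_pair() {   # usage: make_sample_pair DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/sample.key" -out "$1/sample.crt" >/dev/null 2>&1
}

# Run as: sh check_pair.sh CERT.pem KEY.pem
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

The checks do not validate the chain to a trusted root; intermediate certificates still have to be verified separately.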