Cisco Email Security Appliance C170 User Guide

Chapter 2      Customizing Listeners
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide, OL-23081-01, page 2-52
Encrypting SMTP Conversations Using TLS
Enterprise Gateways (or Message Transfer Agents, i.e. MTAs) normally communicate “in the clear” over the Internet. That is, the communications are not encrypted. In several scenarios, malicious agents can intercept this communication without the knowledge of the sender or the receiver. Communications can be monitored and even altered by a third party.
Transport Layer Security (TLS) is an improved version of the Secure Sockets Layer (SSL) technology. It is a widely used mechanism for encrypting SMTP conversations over the Internet. AsyncOS supports the STARTTLS extension to SMTP (Secure SMTP over TLS), described in RFC 3207 (which obsoletes RFC 2487).
The TLS implementation in AsyncOS provides privacy through encryption. It allows you to import an X.509 certificate and private key from a certificate authority service or create a self-signed certificate to use on the appliance. AsyncOS supports separate TLS certificates for public and private listeners, HTTPS management access on an interface, the LDAP interface, and all outgoing TLS connections.
If you have an Email Security appliance with a FIPS-compliant Hardware Security Module (HSM) card, the FIPS Officer must generate or upload certificate and key pairs using the FIPS Management page or the fipsconfig CLI command. Certificates are stored on the appliance and the private keys are stored on the HSM card. For more information on managing certificates and keys, see 
To successfully configure TLS on the IronPort appliance, follow these steps:
Step 1   Obtain certificates.
Step 2   Install certificates on the IronPort appliance.
Step 3   Enable TLS on the system for receiving, delivery, or both.