Cisco Email Security Appliance C170 User Guide

Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 2: Customizing Listeners
By default, neither private nor public listeners allow TLS connections. You must enable TLS in a listener’s HAT to enable TLS for either inbound (receiving) or outbound (sending) email. In addition, all default mail flow policy settings for private and public listeners have the tls setting set to “off.”
You can assign a specific certificate for TLS connections to individual public listeners when creating a listener. For more information, see .
Assigning a Certificate
You can assign a certificate to an individual public or private listener for TLS connections using either the Network > Listeners page or the listenerconfig -> edit -> certificate command in the CLI.
To assign a TLS certificate via the GUI, select the certificate you want in the 
Certificate section when creating or editing a listener and then submit and commit 
your changes.
Figure 2-18: Selecting a Certificate for a Listener
To assign a certificate to a listener via the CLI, follow these steps:
Step 1 Use the listenerconfig -> edit command to choose a listener you want to configure.
Step 2 Use the certificate command to see the available certificates.
Step 3 Choose the certificate you want to assign to the listener when prompted.
Step 4 When you are finished configuring the listener, issue the commit command to enable the change.
Logging
The IronPort appliance will note in the mail logs instances when TLS is required but could not be used by the listener. The mail logs will be updated when the following condition is met:
  • TLS is set to “required” for a listener,