Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Change the TLS setting by entering one of the following choices when you are prompted with the 
following questions: 

Note that this example asks you to use the 

certconfig

 command to ensure that there is a valid certificate 

that can be used with the listener. If you have not created any certificates, the listener uses the 
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the 
demonstration certificate for testing purposes, but it is not secure and is not recommended for general 
use. Use the 

listenerconfig -> edit -> certificate

 command to assign a certificate to the listener.

Once you have configured TLS, the setting will be reflected in the summary of the listener in the CLI: 

Issue the 

commit

 command to enable the change. 

You can require that TLS is enabled for email delivery to specific domains using the Destination 
Controls page or the 

destconfig

 command. 

In addition to TLS, you can require that the domain’s server certificate is verified. This domain 
verification is based on a digital certificate used to establish the domain’s credentials. The validation 
process involves two validation requirements:

Do you want to allow encrypted TLS connections?

1. No

2. Preferred

3. Required

[1]> 3

You have chosen to enable TLS. Please use the 'certconfig' command to 

ensure that there is a valid certificate configured.

Name: Inboundmail

Type: Public

Interface: PublicNet (192.168.2.1/24) TCP Port 25

Protocol: SMTP

Default Domain:

Max Concurrency: 1000 (TCP Queue: 50)

Domain map: disabled