Руководство Пользователя для Cisco Cisco Email Security Appliance X1070
24-10
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 24 Encrypting Communication with Other MTAs
Enabling TLS and Certificate Verification on Delivery
Step 3
Change the TLS setting by entering one of the following choices when you are prompted with the
following questions:
following questions:
Note that this example asks you to use the
certconfig
command to ensure that there is a valid certificate
that can be used with the listener. If you have not created any certificates, the listener uses the
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for general
use. Use the
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for general
use. Use the
listenerconfig -> edit -> certificate
command to assign a certificate to the listener.
Once you have configured TLS, the setting will be reflected in the summary of the listener in the CLI:
Step 4
Issue the
commit
command to enable the change.
Enabling TLS and Certificate Verification on Delivery
You can require that TLS is enabled for email delivery to specific domains using the Destination
Controls page or the
Controls page or the
destconfig
command.
In addition to TLS, you can require that the domain’s server certificate is verified. This domain
verification is based on a digital certificate used to establish the domain’s credentials. The validation
process involves two validation requirements:
verification is based on a digital certificate used to establish the domain’s credentials. The validation
process involves two validation requirements:
Do you want to allow encrypted TLS connections?
1. No
2. Preferred
3. Required
[1]> 3
You have chosen to enable TLS. Please use the 'certconfig' command to
ensure that there is a valid certificate configured.
Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required