Cisco Email Security Appliance C160 User Guide
Chapter 1 Customizing Listeners
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
By default, neither private nor public listeners allow TLS connections. You must enable TLS in a listener’s HAT to enable TLS for either inbound (receiving) or outbound (sending) email. In addition, all default mail flow policy settings for private and public listeners have the tls setting set to “off.”
You can assign a specific certificate for TLS connections to individual public listeners when creating a listener. For more information, see .
Assigning a Certificate
You can assign a certificate to an individual public or private listener for TLS connections using either the Network > Listeners page or the listenerconfig -> edit -> certificate command in the CLI.
To assign a TLS certificate via the GUI, select the certificate you want in the Certificate section when creating or editing a listener and then submit and commit your changes.
Figure 1-18 Selecting a Certificate for a Listener
To assign a certificate to a listener via the CLI, follow these steps:
Step 1 Use the listenerconfig -> edit command to choose a listener you want to configure.
Step 2 Use the certificate command to see the available certificates.
Step 3 Choose the certificate you want to assign to the listener when prompted.
Step 4 When you are finished configuring the listener, issue the commit command to enable the change.
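After the commit, one way to confirm from another host that the listener now offers TLS and presents the certificate you assigned. This is an added example, not part of the Cisco guide; the function names are hypothetical, and the expected SHA-256 fingerprint is assumed to have been computed from the DER form of the certificate you selected.

```python
import hashlib
import smtplib
import ssl
import sys


def normalize(fingerprint):
    """Accept 'AA:BB:..' or 'aabb..' and return lowercase hex without separators."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def classify(tls_offered, der_cert, expected_sha256):
    """Map an observation of the listener to one of three outcomes."""
    if not tls_offered:
        return "no-tls"          # STARTTLS not advertised (the default state)
    if hashlib.sha256(der_cert).hexdigest() != normalize(expected_sha256):
        return "cert-mismatch"   # TLS works, but a different certificate is served
    return "ok"


def observe_listener(host, port=25, timeout=10):
    """Return (tls_offered, der_cert) as seen by an SMTP client."""
    # Chain validation is disabled on purpose: the certificate is compared
    # against a pinned fingerprint instead, so self-signed certs can be checked.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False, None
        smtp.starttls(context=ctx)
        return True, smtp.sock.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python check_listener.py <listener-host> <expected-sha256>
    host, expected = sys.argv[1], sys.argv[2]
    offered, der = observe_listener(host)
    result = classify(offered, der, expected)
    print(f"{host}: {result}")
    sys.exit(0 if result == "ok" else 1)
```

A "no-tls" result after assigning a certificate means the listener is still not offering TLS to clients, so the TLS setting for that listener is the next thing to check.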
Logging
The IronPort appliance will note in the mail logs instances when TLS is required but could not be used by the listener. The mail logs will be updated when the following condition is met:
• TLS is set to “required” for a listener,