Cisco Cisco Email Security Appliance C370 用户指南
24-10
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 24 Encrypting Communication with Other MTAs
Enabling TLS on a Listener’s HAT
CLI Example: Changing the TLS Setting for Listener’s HAT
Procedure
Step 1
Use the
listenerconfig -> edit
command to choose a listener you want to configure.
Step 2
Use the
hostaccess -> default
command to edit the listener’s default HAT settings.
Step 3
Change the TLS setting by entering one of the following choices when you are prompted with the
following questions:
following questions:
Note that this example asks you to use the
certconfig
command to ensure that there is a valid certificate
that can be used with the listener. If you have not created any certificates, the listener uses the
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for general
use. Use the
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for general
use. Use the
listenerconfig -> edit -> certificate
command to assign a certificate to the listener.
Once you have configured TLS, the setting will be reflected in the summary of the listener in the CLI:
Step 4
Issue the
commit
command to enable the change.
Do you want to allow encrypted TLS connections?
1. No
2. Preferred
3. Required
[1]> 3
You have chosen to enable TLS. Please use the 'certconfig' command to
ensure that there is a valid certificate configured.
Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required