Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680
591592593594595596597598599600
23-9
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 23 Encrypting Communication with Other MTAs
Enabling TLS on a Listener’s HAT
CLI Example: Changing the TLS Setting for Listener’s HAT
Procedure
Step 1 Use the listenerconfig -> edit command to choose a listener you want to configure.
Step 2 Use the hostaccess -> default command to edit the listener’s default HAT settings.
Step 3 Change the TLS setting by entering one of the following choices when you are prompted with the
following questions:
Note that this example asks you to use the
certconfig command to ensure that there is a valid certificate
that can be used with the listener. If you have not created any certificates, the listener uses the
demonstration certificate that is pre-installed on the appliance. You may enable TLS with the
demonstration certificate for testing purposes, but it is not secure and is not recommended for general
use. Use the
listenerconfig -> edit -> certificate command to assign a certificate to the listener.
Once you have configured TLS, the setting will be reflected in the summary of the listener in the CLI:
Step 4 Issue the commit command to enable the change.
Do you want to allow encrypted TLS connections?
1. No
2. Preferred
3. Required
[1]> 3
You have chosen to enable TLS. Please use the 'certconfig' command to
ensure that there is a valid certificate configured.
Name: Inboundmail
Type: Public
Interface: PublicNet (192.168.2.1/24) TCP Port 25
Protocol: SMTP
Default Domain:
Max Concurrency: 1000 (TCP Queue: 50)
Domain map: disabled
TLS: Required