AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 26 Authenticating SMTP Sessions Using Client Certificates
Checking the Validity of a Client Certificate
The Certificate Authentication LDAP query checks the validity of a client certificate in order to
authenticate an SMTP session between the user's mail client and the Email Security appliance. When
creating this query, you select a list of certificate fields for authentication, specify the User ID attribute
(the default is uid), and enter the query string.

For example, a query string that searches for the certificate's common name and serial number may look
like (&(objectClass=posixAccount)(caccn={cn})(cacserial={sn})). The {cn} and {sn} placeholders are
replaced with the certificate's common name and serial number when the query runs; every opening
parenthesis in the query string must have a matching closing parenthesis or the filter is invalid. After you
have created the query, you can use it in a Certificate SMTP Authentication Profile. This LDAP query
supports OpenLDAP, Active Directory, and Oracle Directory.
See Chapter 25, “LDAP Queries” for more information on configuring LDAP servers.
Procedure
Step 1 Select System Administration > LDAP.
Step 2 Create a new LDAP profile. See Creating LDAP Server Profiles to Store Information About the LDAP Server, page 25-5 for more information.
Step 3 Check the Certificate Authentication Query checkbox.
Step 4 Enter the query name.
Step 5 Enter the query string to authenticate the user's certificate. For example, (&(objectClass=user)(cn={cn})).
Step 6 Enter the user ID attribute, such as sAMAccountName.
Step 7 Submit and commit your changes.
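As an added example (this is not Cisco code, and it does not claim to reproduce how AsyncOS itself expands the query), the following Python shows what substituting a client certificate's common name and serial number into a template like the ones above amounts to, and checks the two things worth verifying before committing a query string: that its parentheses balance, and that the substituted certificate values are escaped per RFC 4515 so an unusual subject CN cannot add or alter assertions in the filter. The schema attributes and templates are the ones quoted on this page; the certificate values are constructed sample data, and the escaping rule is an assumption about good practice rather than documented appliance behaviour.

```python
"""
Added example; not Cisco code and not a description of how AsyncOS
expands a Certificate Authentication LDAP query. It shows what placeholder
substitution in a template such as
    (&(objectClass=posixAccount)(caccn={cn})(cacserial={sn}))
amounts to, and why substituted certificate values should be escaped per
RFC 4515 before they reach the directory. Certificate values below are
constructed sample data.
"""
import re

# RFC 4515 section 3: characters that must be escaped inside an
# assertion value, written as a backslash followed by two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

_PLACEHOLDER = re.compile(r"\{(\w+)\}")
_ATTRIBUTE = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=")


def ldap_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def balanced(filter_str: str) -> bool:
    """Return True if the filter's parentheses balance.

    Escape sequences such as \\28 are skipped so an escaped parenthesis is
    not counted. An unbalanced result is the usual symptom of a typo in the
    query string, such as a missing closing parenthesis.
    """
    depth = 0
    i = 0
    while i < len(filter_str):
        ch = filter_str[i]
        if ch == "\\":
            i += 3          # skip the \XX escape sequence
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0


def expand_query(template: str, cert_fields: dict, escape: bool = True) -> str:
    """Substitute {name} placeholders with certificate field values.

    cert_fields maps placeholder names to values taken from the client
    certificate; on this page {cn} is the common name and {sn} the serial
    number (not the LDAP surname attribute). A placeholder with no matching
    field raises KeyError; an unbalanced result raises ValueError.
    """
    def substitute(match):
        value = cert_fields[match.group(1)]
        return ldap_escape(value) if escape else value

    result = _PLACEHOLDER.sub(substitute, template)
    if not balanced(result):
        raise ValueError(f"unbalanced parentheses in filter: {result}")
    return result


def filter_attributes(filter_str: str) -> list:
    """List the attribute names asserted in a filter, in order."""
    return _ATTRIBUTE.findall(filter_str)


# Query string from this page (assumption: posixAccount / caccn / cacserial
# are the schema used by the deployment) and constructed certificate data.
TEMPLATE = "(&(objectClass=posixAccount)(caccn={cn})(cacserial={sn}))"
GOOD_CERT = {"cn": "Jane Doe", "sn": "0A1B2C"}
# A subject CN constructed so that raw substitution would add an assertion.
ODD_CERT = {"cn": "*)(uid=*", "sn": "0A1B2C"}


if __name__ == "__main__":
    print(expand_query(TEMPLATE, GOOD_CERT))
    print(expand_query(TEMPLATE, ODD_CERT))
    print(expand_query(TEMPLATE, ODD_CERT, escape=False))
    # A query string with "-" in place of "=" and a missing closing ")":
    print(balanced("(&(objectClass-posixAccount)(caccn={cn})(cacserial={sn})"))
```

With escaping on, the odd common name still yields a filter that asserts exactly objectClass, caccn and cacserial; with escaping off, the same certificate produces a fourth assertion on uid, which is the structural change escaping exists to prevent. Whether your directory and the appliance apply this escaping is something to confirm against their own documentation, not against this example.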
Table 26-3 How to Authenticate a User with a Client Certificate or an LDAP SMTP Authentication Query

Step 3  Do This: Create a certificate-based SMTP authentication profile.
        More Info: Authenticating an SMTP Connection Over TLS Using a Client Certificate, page 26-52

Step 4  Do This: Create an LDAP SMTP authentication profile.
        More Info: Configuring AsyncOS for SMTP Authentication, page 25-32

Step 5  Do This: Configure a listener to use the certificate SMTP authentication profile.
        More Info: Listening for Connection Requests by Creating a Listener via the GUI, page 5-8

Step 6  Do This: 1. Modify the RELAYED mail flow policy to use the following settings:
           • TLS Preferred
           • SMTP authentication required
           • Require TLS for SMTP authentication
        More Info: Establishing a TLS Connection from the Appliance, page 26-53