Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
1
Replies

Why do we need Destination Control Certificates?

ChadH63728
Beginner
Beginner

‎10-17-2022 12:23 PM

Have a cisco Ironport C190 that is using the default ESA certificate for Destination Control. What is the purpose of having a certificate for outbound emails? Typically if you connect to a server you would use their certificate, so why do I need one to send email to a remote server? Seems backwards to me. 

Labels:
0 Helpful
1 Reply 1

dmccabej
Cisco Employee
Cisco Employee

‎10-18-2022 08:25 PM

Hello,

The Destination Controls certificate would be used for certificate validation (when requested from the server) during the TLS handshake, if and when TLS is used. While this is not common, and you can most likely get away with a self-signed certificate during delivery, it is typically best practice to utilize a 3rd party signed and trusted certificate in case this is required. 

You can read more about the Certificate Request during the handshake within the TLS RFC. 

 

https://www.rfc-editor.org/rfc/rfc5246#page-53

 

Thanks!

-Dennis M.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents