Implementing SSL communications
Article: HOWTO82475 | Created: 2012-11-30 | Updated: 2013-10-28 | Article URL: http://www.symantec.com/docs/HOWTO82475
You can configure Mail Security to use Secure Sockets Layer (SSL) communications by using a valid server certificate. You can create your own server certificate using Microsoft Certificate Services 2.0 or request one from a certificate authority.
After you implement SSL, you must enable SSL from the console and specify the SSL port for each server.
To install a server certificate
On the computer on which Mail Security is installed, click Start > Administrative Tools > Internet Information Services (IIS) Manager.
In the server list, expand the folder for the server that hosts Mail Security.
In the Web sites folder, right-click Symantec Mail Security for Microsoft Exchange, and then click Properties.
On the Directory Security tab, under Secure communications, click Server Certificate.
Follow the instructions in the Web server Certificate wizard to install the server certificate.
To implement SSL communications
Ensure that a valid server certificate is installed.
On the Directory Security tab, under Secure communications, click Edit.
In the Secure Communications dialog box, check Require secure channel (SSL), and then click OK.
On the Web Site tab, under Web site identification, in the IP Address text box, type the IP address of the Mail Security server.
In the SSL Port text box, type the port to use for SSL communications.
Click OK to close the Mail Security Properties window.
To implement SSL communications on Windows 2008 Server
On the local computer, ensure that a valid server certificate is installed in Trusted Root Certification Authorities.
Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
In the Web sites folder, right-click Symantec Mail Security for Microsoft Exchange, click Edit Bindings, and then click Add.
In the Type drop-down list, select https, and in the IP address drop-down list, select All Unassigned.
In the SSL Port text box, type the port number.
For example, type 8082 for SSL communications.
To avoid port conflicts, do not use the ports that Exchange server uses, such as TCP port 80 and SSL port 443.
From the SSL certificate drop-down list, select the certificate that you installed, and then restart the Symantec Mail Security for Microsoft Exchange Web site.
In the right pane, double-click Authentication and ensure that Windows Authentication and ASP.NET Impersonation are enabled.
From the Web sites folder, select Symantec Mail Security for Microsoft Exchange.
In the right pane, double-click SSL Settings and check Require SSL and Require 128-bit SSL.
Click Apply to apply the changes.
To implement SSL communications on a client computer
Export the server certificate from the server and install it in Trusted Root Certification Authorities on the client computer where the Mail Security console is installed.
Open the Certificates snap-in and ensure that the certificate resides in Trusted Root Certification Authorities.
On the Mail Security console, click the Assets tab and click Add server(s) to add a server.
Right-click the server that you added and then click Properties.
Provide the SSL port number that is configured on the server.
Check Use SSL and click OK.
You can now connect to the server from the console by using the SSL connection.
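A check to run from the client computer after the steps above, as an added example that is not part of the original article or Symantec's own tooling: it connects to the SSL port, reports the certificate and cipher strength the server presents, and shows whether this computer validates and trusts that certificate. The function name and the host name in the usage comment are placeholders; 8082 is the example port from this article.

```powershell
function Test-MailSecuritySslEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$ServerName,
        [int]$Port = 8082   # example SSL port from the article
    )

    $state = @{ Errors = $null }
    # Diagnostic only: record the validation result, then let the handshake finish
    # so the certificate can be inspected. Do not reuse this callback for real traffic.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors
        $true
    }

    $ssl = $null
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ServerName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # The name passed here is the name the certificate is checked against.
        $ssl.AuthenticateAsClient($ServerName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Is this exact certificate in the computer's Trusted Root Certification Authorities store?
        $inRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

        New-Object PSObject -Property @{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            Thumbprint     = $cert.Thumbprint
            NotAfter       = $cert.NotAfter
            Protocol       = $ssl.SslProtocol
            CipherStrength = $ssl.CipherStrength   # compare with "Require 128-bit SSL"
            PolicyErrors   = $state.Errors         # 'None' means name and chain validated
            InTrustedRoot  = $inRoot
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

# Usage (placeholder host name):
# Test-MailSecuritySslEndpoint -ServerName 'mailsec01.example.local' -Port 8082
```

A PolicyErrors value of RemoteCertificateNameMismatch means the name the console uses for the server does not match the certificate; RemoteCertificateChainErrors means the certificate is not trusted by this computer's store or is otherwise invalid.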