Adding a TLS certificate and enabling it for Inbound and/or Outbound messages.

Article:TECH96523  |  Created: 2009-01-01  |  Updated: 2010-01-22  |  Article URL http://www.symantec.com/docs/TECH96523
Article Type
Technical Solution


Issue



You want to know how to enable TLS for Inbound and/or Outbound mail on the Symantec Brightmail Gateway.


Solution



Accepting TLS certificates:
If you wish the Symantec Brightmail Gateway to accept TLS connections from other SMTP hosts, a TLS certificate will need to be added and enabled.

To add a TLS certificate for use:
  1. Select the Administration tab.
  2. Select Certificates under the Settings list on the left hand side of the page.
  3. Ensure the TLS & HTTPS Certificates tab is selected.
  4. Select the Import button.
  5. On the Import Certificate page, type the full path or browse to the location of the certificate file. (Note: the certificate file must be in .pem format, with the certificate or domain key included as Base64-encoded text.)
  6. Select Import.

More information on adding certificates can be found in Chapter 8 of the Administration Guide.
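
A pre-import sanity check for the .pem requirement in step 5, added here as an example (it is not Symantec's code). The names `inspect_pem` and `make_sample_block` are hypothetical, and the sample blocks are constructed placeholders rather than a real certificate or key.

```python
import base64
import re

# One PEM block: BEGIN line, body, END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def inspect_pem(text):
    """Return (labels, problems) for the text of a file about to be imported."""
    labels, problems = [], []
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        lines = [ln.strip() for ln in body.splitlines()]
        # Traditional encrypted keys carry "Proc-Type:"/"DEK-Info:" header lines.
        encrypted = any(ln.startswith("Proc-Type:") for ln in lines)
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            der = base64.b64decode(payload, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{label}: body is not valid Base64")
            continue
        # Certificates and unencrypted keys decode to a DER SEQUENCE (tag 0x30).
        if not encrypted and not der.startswith(b"\x30"):
            problems.append(f"{label}: decoded data is not a DER SEQUENCE")
    if not labels:
        problems.append("no PEM blocks found (file may be binary DER or PKCS#12)")
    if text.count("-----BEGIN ") != len(labels):
        problems.append("unterminated or mismatched BEGIN/END markers")
    return labels, problems


def make_sample_block(label, der=b"\x30\x03\x02\x01\x00"):
    """Constructed placeholder block (a tiny DER SEQUENCE), not a real certificate or key."""
    b64 = base64.encodebytes(der).decode()  # ends with a newline
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


if __name__ == "__main__":
    sample = make_sample_block("CERTIFICATE") + make_sample_block("PRIVATE KEY")
    print(inspect_pem(sample))
    print(inspect_pem("-----BEGIN CERTIFICATE-----\nnot base64!\n-----END CERTIFICATE-----\n"))
```

The returned labels show which block types the file contains, so you can confirm what is in it before selecting Import.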

To enable TLS encryption for Inbound and/or Outbound Messages:

After the TLS certificate is installed, Accept TLS encryption will need to be enabled for each scanner you wish to use TLS on. You may enable TLS for Inbound and Outbound settings separately.
  1. Select the Administration tab.
  2. Select Configuration under the Host sidebar on the left hand side of the page.
  3. Select the Host to enable TLS on and click the edit button.
  4. Select the SMTP tab.
  5. Check the Accept TLS encryption box and select the TLS certificate to use from the drop-down box on the right.
  6. For Inbound connections, a TLS client certificate can be requested when making the connection.

TLS for delivery to specific domains:
You may enable TLS for delivery of mail on a per-domain basis.
  1. Select the Protocols tab.
  2. Select Domains under the SMTP sidebar on the left hand side of the page.
  3. Either select the Add button to add a new domain or select a domain and click the Edit button to change an existing domain.
  4. Select the Delivery tab.
  5. In the TLS Encryption box, check the box for Optional delivery encryption.
  6. Select either Attempt TLS encryption or one of the two Require TLS options. Note: If either of the Require TLS encryption options is chosen and the remote mail system does not support TLS, the messages will bounce for that system.
  7. Select Save to commit the changes.

Enabling TLS for all mail delivery:
  1. Select the Administration tab.
  2. Select Configuration under the Host sidebar on the left hand side of the page.
  3. Select the Host to enable TLS on and click the edit button.
  4. Select the SMTP tab.
  5. At the bottom of the page, select the Advanced Settings button.
  6. Scroll down to the SMTP Delivery Configuration box.
  7. Check the box for Attempt TLS encryption for Delivery of all messages.
  8. If you have a TLS client certificate, you may also optionally check Offer TLS client certificate.
  9. Select the Continue button.
  10. Click the Save button to commit the changes.
  11. If you have multiple scanners, repeat these steps for each scanner.



References
Symantec Brightmail Gateway Administration Guide





Legacy ID



2009100211203054

