Configuring TLS Settings for Messages Entering IMSS
Procedure
Go to Administration → IMSS Configuration → TLS Settings.
The Transport Layer Security Settings screen appears, displaying the
Messages Entering IMSS tab.
Select Enable TLS on messages entering IMSS to enable TLS on traffic
entering IMSS.
Specify Secure SMTP settings:
Select Enable Secure SMTP.
Specify a port number for Secure SMTP.
Configure IMSS server certificate settings for messages entering IMSS:
Click Edit Certificates next to Server Certificate.
The Certificates screen appears.
Click Update.
The Importing Certificate and Private Key dialog box appears.
Import the certificate.
Import the private key.
Optionally specify the password for the key.
Click OK.
The Certificates screen displays updated information about the certificate
and the public key.
Click Save to return to the Messages Entering IMSS tab.
Configure trusted CA certificate settings:
Click Configure next to Trusted CA Certificates.
The Trusted CA Store (Incoming) screen appears.
Click Import.
The Adding Certificate dialog box appears.
Import the certificate.
Click OK.
The Trusted CA Store (Incoming) screen displays the CA added to the
trusted CA list.
Click Save to return to the Messages Entering
IMSS tab.
Add domains to the IP Address/Domain List:
Click Add under IP Address/Domain List. The Add TLS IP or
Domain dialog appears.
Specify a domain, IP address, or IP address and subnet
mask in the IP or domain field.
Tip
Trend Micro recommends adding IP addresses. Adding domains can impact
performance because a query will have to be performed to resolve the domain.
Specify one of the following from the Security level
drop-down list:
None (Disable): IMSS does not use TLS for the specified IP address or domain.
May (optional TLS): IMSS declares support for TLS for the specified IP
address or domain. The client can choose whether to start a TLS connection.
Encrypt (TLS with encryption): IMSS requires TLS for communication for the
specified IP address or domain. Communication between IMSS and the client is
encrypted.
Verify (TLS with client certificate verification): For the specified IP
address or domain, IMSS not only requires clients to start TLS connections
but also requires clients to send their certificates to IMSS so that IMSS
can verify the client's identity.
Specify one of the following from the Cipher grade drop-down list, if
any option other than None (Disable) was selected
from the Security level drop-down list:
Low: Communication between IMSS and clients uses up to 64-bit encryption.
Medium: Communication between IMSS and clients uses up to 128-bit encryption.
High: Communication between IMSS and clients uses 128-bit or greater
encryption.
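
Before importing the server certificate and private key in the Importing Certificate and Private Key dialog box, it is worth confirming that the two files belong together and that the certificate has not expired. The script below is an added example, not part of the Trend Micro documentation; it assumes PEM-encoded files, the openssl command-line tool, and a hypothetical KEY_PASS environment variable holding the optional key password.

```sh
#!/bin/sh
# Added example: pre-import sanity checks for a server certificate and key.
# Assumptions: PEM files, openssl CLI available, key password (if any) in the
# hypothetical KEY_PASS environment variable so it never appears in argv.

# Returns 0 if the key matches the certificate, 1 if it does not,
# 2 if the certificate is unreadable, 3 if the key is unreadable
# (missing file, wrong format, or wrong password).
cert_key_match() {
    cert=$1
    key=$2
    KEY_PASS=${KEY_PASS:-}
    export KEY_PASS
    # Extract the public key from each file and compare the two PEM blocks.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout -passin env:KEY_PASS 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 if the certificate is still valid at the current time.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run the checks when called as: check.sh server-cert.pem server-key.pem
if [ "$#" -eq 2 ]; then
    cert_key_match "$1" "$2"
    case $? in
        0) echo "OK: private key matches certificate" ;;
        1) echo "FAIL: private key does not match certificate"; exit 1 ;;
        2) echo "FAIL: cannot read certificate $1"; exit 1 ;;
        *) echo "FAIL: cannot read key $2 (check format and KEY_PASS)"; exit 1 ;;
    esac
    cert_not_expired "$1" || { echo "FAIL: certificate has expired"; exit 1; }
    # Show what will be imported so it can be compared with the Certificates screen.
    openssl x509 -in "$1" -noout -subject -enddate
fi
```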