Configuring TLS Settings for Messages Entering IMSS

Procedure

  1. Go to Administration > IMSS Configuration > TLS Settings.
    The Transport Layer Security Settings screen appears, displaying the Messages Entering IMSS tab.
  2. Select Enable TLS on messages entering IMSS to enable TLS on traffic entering IMSS.
  3. Specify Secure SMTP settings:
    1. Select Enable Secure SMTP.
    2. Specify a port number for Secure SMTP.
  4. Configure IMSS server certificate settings for messages entering IMSS:
    1. Click Edit Certificates next to Server Certificate.
      The Certificates screen appears.
    2. Click Update.
      The Importing Certificate and Private Key dialog box appears.
    3. Import the certificate.
    4. Import the private key.
    5. Optionally specify the password for the key.
    6. Click OK.
      The Certificates screen displays updated information about the certificate and the public key.
    7. Click Save to return to the Messages Entering IMSS tab.
  5. Configure trusted CA certificate settings:
    1. Click Configure next to Trusted CA Certificates.
      The Trusted CA Store (Incoming) screen appears.
    2. Click Import.
      The Adding Certificate dialog box appears.
    3. Import the certificate.
    4. Click OK.
      The Trusted CA Store (Incoming) screen displays the CA added to the trusted CA list.
    5. Click Save to return to the Messages Entering IMSS tab.
  6. Add domains to the IP Address/Domain List:
    1. Click Add under IP Address/Domain List. The Add TLS IP or Domain dialog appears.
    2. Specify a domain, IP address, or IP address and subnet mask in the IP or domain field.
      Tip
      Trend Micro recommends adding IP addresses. Adding domains can impact performance because a query will have to be performed to resolve the domain.
    3. Specify one of the following from the Security level drop-down list:
      • None (Disable): IMSS does not use TLS for the specified IP address or domain.
      • May (optional TLS): IMSS declares support for TLS for the specified IP address or domain. The client can choose whether to start a TLS connection.
      • Encrypt (TLS with encryption): IMSS requires TLS for communication for the specified IP address or domain. Communication between IMSS and the client is encrypted.
      • Verify (TLS with client certificate verification): For the specified IP address or domain, IMSS requires clients to start TLS connections and also requires them to send their certificates so that IMSS can verify the client’s identity.
    4. Specify one of the following from the Cipher grade drop-down list, if any option other than None (Disable) was selected from the Security level drop-down list:
      • Low: Communication between IMSS and clients uses up to 64-bit encryption.
      • Medium: Communication between IMSS and clients uses up to 128-bit encryption.
      • High: Communication between IMSS and clients uses 128-bit or greater encryption.
    5. Click OK.
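
After saving, the Security level and Cipher grade chosen for a list entry can be checked from a client that the entry covers. The script below is an added example, not Trend Micro code; the names probe and evaluate are hypothetical. It assumes that None (Disable) means STARTTLS is not offered and that a listener requiring TLS refuses a cleartext MAIL FROM (reply 530 in RFC 3207).

```python
import smtplib
import ssl

def probe(host, port=25, cafile=None):
    """Observe what the SMTP listener offers this client (makes a live connection)."""
    obs = {"starttls": False, "plain_mail_code": None, "bits": None, "tls_error": None}
    s = smtplib.SMTP(host, port, timeout=15)
    try:
        s.ehlo("probe.example.test")                 # constructed HELO name
        obs["starttls"] = s.has_extn("starttls")
        # Try to open a transaction in cleartext, then abandon it.
        obs["plain_mail_code"] = s.mail("probe@example.test")[0]
        s.rset()
        if obs["starttls"]:
            # Certificate checks stay on: cafile is the CA that issued the
            # server certificate imported in step 4 (None = system trust store).
            ctx = ssl.create_default_context(cafile=cafile)
            try:
                s.starttls(context=ctx)
                obs["bits"] = s.sock.cipher()[2]     # secret bits of the negotiated cipher
            except (ssl.SSLError, smtplib.SMTPException) as exc:
                obs["tls_error"] = str(exc)
    finally:
        s.close()
    return obs

def evaluate(level, grade, obs):
    """Compare observations with the Security level and Cipher grade of the entry."""
    problems = []
    # Assumption: None (Disable) is visible to the client as STARTTLS not being offered.
    if level == "None" and obs["starttls"]:
        problems.append("STARTTLS offered although level is None (Disable)")
    if level != "None" and not obs["starttls"]:
        problems.append("STARTTLS not offered")
    if level in ("Encrypt", "Verify") and obs["plain_mail_code"] == 250:
        problems.append("cleartext MAIL FROM accepted although TLS is required")
    # 530 is the RFC 3207 reply for "issue STARTTLS first".
    if level == "May" and obs["plain_mail_code"] == 530:
        problems.append("cleartext MAIL FROM refused although TLS is optional")
    # Only the High grade gives a lower bound that can be checked from one handshake.
    if grade == "High" and obs["bits"] is not None and obs["bits"] < 128:
        problems.append("negotiated cipher below 128 bits with grade High")
    return problems

if __name__ == "__main__":
    import sys
    # usage: check_tls.py HOST LEVEL GRADE   (run from a client the list entry covers)
    print(evaluate(sys.argv[2], sys.argv[3], probe(sys.argv[1])))
```

The probe presents no client certificate, so for a Verify entry a handshake failure recorded in tls_error is the expected outcome rather than a fault.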