Establishing the TLS infrastructure requires that the organization has its own Certificate Authority key or is able to sign all generated certificate requests by the external Certification Authority. Private keys and certificate requests must be generated for each SMTP server in the network. The certificate requests should be signed by the Certificate Authority.