Configuring TLS Settings for Messages Exiting IMSS
Procedure
Go to Administration → IMSS Configuration → TLS Settings.
The Transport Layer Security Settings screen appears, displaying the Messages Entering IMSS tab.
Click Messages Exiting IMSS.
The Messages Exiting IMSS screen appears.
Click Enable TLS on messages exiting IMSS to enable TLS on traffic exiting IMSS.
Configure IMSS client certificate settings for messages exiting IMSS:
Click Edit Certificates next to Client Certificate.
The Certificates screen appears.
Click Import.
The Importing Certificate and Private Key dialog box appears.
Import the certificate.
Import the private key.
Specify the password for the key.
Click OK.
The Certificates screen displays updated information about the certificate and the public key.
Click Save to return to the Messages Exiting IMSS tab.
Configure trusted CA certificate settings:
Click Configure next to Trusted CA Certificates.
The Trusted CA Store (Outgoing) screen appears.
Click Import.
The Adding Certificate dialog box appears.
Import the certificate.
Click OK.
The Trusted CA Store (Outgoing) screen displays the CA added to the Trusted CA list.
Click Save to return to the Messages Exiting IMSS tab.
Add domains to the Domain List:
Click Add under Domain List.
The Add TLS Domain dialog appears.
Specify a domain in the Domain field.
Specify one of the following from the Security level drop-down list:
None (Disable): IMSS does not use TLS for the specified domain.
May (optional TLS): IMSS declares support for TLS for the specified domain. The server can choose whether to start a TLS connection.
Encrypt (TLS with encryption): IMSS requires TLS for communication for the specified domain. Communication between IMSS and the client is encrypted.
Verify (TLS with client certificate verification): For the domain, IMSS not only requires clients to start TLS connections but also requires clients to send their certificates to IMSS so that IMSS can verify the client’s identity.
Secure: For the specified domain, IMSS requests the certificate from the server. If the common name in the certificate is not equal to, or is not a sub-domain of, the MTA's domain, the message is blocked.
Specify one of the following from the Cipher grade drop-down list, if any option other than None (Disable) was selected from the Security level drop-down list:
Low: Communication between IMSS and clients uses up to 64-bit encryption.
Medium: Communication between IMSS and clients uses up to 128-bit encryption.
High: Communication between IMSS and clients uses 128-bit or greater encryption.
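The common-name rule stated for the Secure level, written out as an added Python example for pre-checking a destination server's certificate before a domain is set to Secure. It is not Trend Micro code and does not claim to show how IMSS implements the check. The function names, the wildcard handling, the sample names and the reading of "the MTA's domain" as the value passed in `mta_domain` are assumptions.

```python
import re

# One DNS label: letters, digits, hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def _labels(name, allow_wildcard=False):
    """Split a host name into lower-case labels; None if it is malformed."""
    labels = name.strip().lower().rstrip(".").split(".")
    # Assumption: a leading "*" label is judged by the name that follows it.
    if allow_wildcard and labels[0] == "*":
        labels = labels[1:]
    if not labels or not all(_LABEL.fullmatch(part) for part in labels):
        return None
    return labels


def cn_matches_domain(common_name, mta_domain):
    """True if the CN equals mta_domain or is a sub-domain of it."""
    cn, dom = _labels(common_name, allow_wildcard=True), _labels(mta_domain)
    if cn is None or dom is None:
        return False
    # Compare whole labels from the right: a plain string suffix test would
    # wrongly accept "notexample.com" for "example.com".
    return cn[-len(dom):] == dom


def subject_cn(cert):
    """Common name from a dict shaped like ssl.SSLSocket.getpeercert()."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def secure_level_blocks(cert, mta_domain):
    """True if the rule described for the Secure level would block delivery."""
    cn = subject_cn(cert)
    return cn is None or not cn_matches_domain(cn, mta_domain)


if __name__ == "__main__":
    # Constructed sample certificates (subject only), not real data.
    for cn in ("mx1.example.com", "notexample.com", "example.com.evil.test"):
        cert = {"subject": ((("commonName", cn),),)}
        print(cn, "blocked" if secure_level_blocks(cert, "example.com") else "ok")
```

The `cert` argument has the shape returned by `ssl.SSLSocket.getpeercert()`, so a certificate collected from the destination server over STARTTLS can be passed in unchanged.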