Configuring TLS Settings for Messages Exiting IMSS

Procedure

  1. Go to Administration > IMSS Configuration > TLS Settings.
    The Transport Layer Security Settings screen appears, displaying the Messages Entering IMSS tab.
  2. Click Messages Exiting IMSS.
    The Messages Exiting IMSS screen appears.
  3. Click Enable TLS on messages exiting IMSS to enable TLS on traffic exiting IMSS.
  4. Configure IMSS client certificate settings for messages exiting IMSS:
    1. Click Edit Certificates next to Client Certificate.
      The Certificates screen appears.
    2. Click Import.
      The Importing Certificate and Private Key dialog box appears.
    3. Import the certificate.
    4. Import the private key.
    5. Specify the password for the key.
    6. Click OK.
      The Certificates screen displays updated information about the certificate and the public key.
    7. Click Save to return to the Messages Exiting IMSS tab.
  5. Configure trusted CA certificate settings:
    1. Click Configure next to Trusted CA Certificates.
      The Trusted CA Store (Outgoing) screen appears.
    2. Click Import.
      The Adding Certificate dialog box appears.
    3. Import the certificate.
    4. Click OK.
      The Trusted CA Store (Outgoing) screen displays the CA added to the Trusted CA list.
    5. Click Save to return to the Messages Exiting IMSS tab.
  6. Add domains to the Domain List:
    1. Click Add under Domain List.
      The Add TLS Domain dialog appears.
    2. Specify a domain in the Domain field.
    3. Specify one of the following from the Security level drop-down list:
      • None (Disable): IMSS does not use TLS for the specified domain.
      • May (optional TLS): IMSS declares support for TLS for the specified domain. The server can choose whether to start a TLS connection.
      • Encrypt (TLS with encryption): IMSS requires TLS for communication for the specified domain. Communication between IMSS and the client is encrypted.
      • Verify (TLS with client certificate verification): For the specified domain, IMSS not only requires clients to start TLS connections but also requires clients to send their certificates to IMSS so that IMSS can verify the client’s identity.
      • Secure: For the specified domain, IMSS requests the certificate from the server. If the common name in the certificate is not equal to, or is not a sub-domain of, the MTA's domain, the message is blocked.
    4. Specify one of the following from the Cipher grade drop-down list, if any option other than None (Disable) was selected from the Security level drop-down list:
      • Low: Communication between IMSS and clients uses up to 64-bit encryption.
      • Medium: Communication between IMSS and clients uses up to 128-bit encryption.
      • High: Communication between IMSS and clients uses 128-bit or greater encryption.
    5. Click OK.
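
The following Python sketch is an added illustration, not IMSS code. It models how the security levels in step 6 differ for a single outbound session, including the "equal to or a sub-domain of" common-name test used by Secure. Assumptions: all names (Session, cn_matches_domain, decide) are hypothetical; the "block" outcome for Encrypt and Verify, tying certificate trust to the Trusted CA store, and case-insensitive label comparison are not stated by the procedure.

```python
# Added illustration; not IMSS code. Models the per-domain security levels
# described above for one outbound SMTP session.
from dataclasses import dataclass
from typing import Optional

LEVELS = ("none", "may", "encrypt", "verify", "secure")

@dataclass
class Session:                      # constructed model of what the peer offered
    starttls_offered: bool
    cert_trusted: bool = False      # assumption: chain validates against the Trusted CA store
    cert_common_name: Optional[str] = None

def _labels(name: str) -> list:
    # Assumption: compare case-insensitively and ignore a trailing root dot.
    return name.strip().rstrip(".").lower().split(".")

def cn_matches_domain(common_name: str, mta_domain: str) -> bool:
    """True if common_name equals mta_domain or is a sub-domain of it.

    Compares whole DNS labels, so 'notexample.com' does not match
    'example.com' the way a plain string suffix test would.
    """
    cn, dom = _labels(common_name), _labels(mta_domain)
    if "" in cn or "" in dom:       # empty label: malformed name, never match
        return False
    return len(cn) >= len(dom) and cn[-len(dom):] == dom

def decide(level: str, mta_domain: str, s: Session) -> str:
    """Return 'plaintext', 'tls' or 'block' for one delivery attempt."""
    if level not in LEVELS:
        raise ValueError(f"unknown security level: {level}")
    if level == "none":
        return "plaintext"
    if level == "may":              # opportunistic: fall back if TLS is absent
        return "tls" if s.starttls_offered else "plaintext"
    if not s.starttls_offered:      # assumption: encrypt/verify/secure never downgrade
        return "block"
    if level == "encrypt":
        return "tls"
    if not (s.cert_trusted and s.cert_common_name):
        return "block"              # verify and secure need a trusted certificate
    if level == "secure" and not cn_matches_domain(s.cert_common_name, mta_domain):
        return "block"              # the common-name rule stated for Secure
    return "tls"
```

Only None and May can result in a message leaving in plaintext in this model; the difference between Verify and Secure is solely the common-name comparison.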