Messaging Gateway

Good morning i have a messaging gateway with self signed certificate for renew this certificate is necessary restart the messaging gateway,  I also wanted to know if, when renewing the certificate in the control center, should the same certificate be added in the scanners or is it automatic?

Thanks for your help

Renewing the certificate itself on the Messaging Gateway is a process done on the control center. Once you have the certificate updated you would want to select each scanner and update the configuration to use the new certificate.

------------------------------
Strategic Support Engineer
Broadcom
------------------------------

Original Message:
Sent: 07-16-2020 11:54 AM
From: orlando bernal
Subject: Certificate expired soon

Good morning i have a messaging gateway with self signed certificate for renew this certificate is necessary restart the messaging gateway,  I also wanted to know if, when renewing the certificate in the control center, should the same certificate be added in the scanners or is it automatic?

Thanks for your help

Original Message:
Sent: 7/16/2020 11:55:00 AM
From: orlando bernal10
Subject: Certificate expired soon

Good morning i have a messaging gateway with self signed certificate for renew this certificate is necessary restart the messaging gateway,  I also wanted to know if, when renewing the certificate in the control center, should the same certificate be added in the scanners or is it automatic?

Thanks for your help

the certificate soon to expired is this 

Original Message:
Sent: 07-16-2020 12:51 PM
From: Thomas Anderson
Subject: Certificate expired soon

The general answer is "no", it won't be "automatically" distributed to the scanners.

You know best, but it "sounds" like you are referring to the "server" certificate that is used in the BCC.  If this is the case, you wouldn't want that to be deployed on the scanners:  it's use is really for browsers  to have confidence that they are "really" talking to the BCC and not some spoofed endpoint.

The certificate that gets pushed out to the scanners is the one that you specify for use in SMTP TLS conversations, since THAT is the certificate presented during the TLS handshake phase when someone tries to send email into the SMG using SMTP TLS.

Original Message:
Sent: 7/16/2020 11:55:00 AM
From: orlando bernal10
Subject: Certificate expired soon

Good morning i have a messaging gateway with self signed certificate for renew this certificate is necessary restart the messaging gateway,  I also wanted to know if, when renewing the certificate in the control center, should the same certificate be added in the scanners or is it automatic?

Thanks for your help

That page would display both TLS (SMTP) certificates and HTTPS certificates so we can't tell for sure from that screenshot.

As tpa pointed out, if the certificate is an https certificate for secure communication with the control center, then it would only be needed to be configured for the control center. You can do that in (Administration > Control Center > Certificates)

My suggestion was for a TLS certificate for SMTP transactions on the scanners. You can configure that (Administration > Configuration > Select a scanner > Edit > SMTP) on the Inbound, Outbound and Authentication tabs.

------------------------------
Strategic Support Engineer
Broadcom
------------------------------

Original Message:
Sent: 07-16-2020 12:57 PM
From: orlando bernal
Subject: Certificate expired soon

the certificate soon to expired is this

Original Message:
Sent: 07-16-2020 12:51 PM
From: Thomas Anderson
Subject: Certificate expired soon

The general answer is "no", it won't be "automatically" distributed to the scanners.

You know best, but it "sounds" like you are referring to the "server" certificate that is used in the BCC.  If this is the case, you wouldn't want that to be deployed on the scanners:  it's use is really for browsers  to have confidence that they are "really" talking to the BCC and not some spoofed endpoint.

The certificate that gets pushed out to the scanners is the one that you specify for use in SMTP TLS conversations, since THAT is the certificate presented during the TLS handshake phase when someone tries to send email into the SMG using SMTP TLS.

Original Message:
Sent: 7/16/2020 11:55:00 AM
From: orlando bernal10
Subject: Certificate expired soon

Good morning i have a messaging gateway with self signed certificate for renew this certificate is necessary restart the messaging gateway,  I also wanted to know if, when renewing the certificate in the control center, should the same certificate be added in the scanners or is it automatic?

Thanks for your help

Never use the demo cert. always use a third party cert for scanner and control center. Since I do it the right way, which is separate the scanner and control center roles, I have 2 cents. Works perfect for like 7 years. Woohoo.


Original Message:
Sent: 7/16/2020 2:10:00 PM
From: Steven R
Subject: RE: Certificate expired soon

That page would display both TLS (SMTP) certificates and HTTPS certificates so we can't tell for sure from that screenshot.

As tpa pointed out, if the certificate is an https certificate for secure communication with the control center, then it would only be needed to be configured for the control center. You can do that in (Administration > Control Center > Certificates)

My suggestion was for a TLS certificate for SMTP transactions on the scanners. You can configure that (Administration > Configuration > Select a scanner > Edit > SMTP) on the Inbound, Outbound and Authentication tabs.

------------------------------
Strategic Support Engineer
Broadcom
------------------------------

Original Message:
Sent: 07-16-2020 12:57 PM
From: orlando bernal
Subject: Certificate expired soon

the certificate soon to expired is this

Original Message:
Sent: 07-16-2020 12:51 PM
From: Thomas Anderson
Subject: Certificate expired soon

The general answer is "no", it won't be "automatically" distributed to the scanners.

You know best, but it "sounds" like you are referring to the "server" certificate that is used in the BCC.  If this is the case, you wouldn't want that to be deployed on the scanners:  it's use is really for browsers  to have confidence that they are "really" talking to the BCC and not some spoofed endpoint.

The certificate that gets pushed out to the scanners is the one that you specify for use in SMTP TLS conversations, since THAT is the certificate presented during the TLS handshake phase when someone tries to send email into the SMG using SMTP TLS.

Original Message:
Sent: 7/16/2020 11:55:00 AM
From: orlando bernal10
Subject: Certificate expired soon

Good morning i have a messaging gateway with self signed certificate for renew this certificate is necessary restart the messaging gateway,  I also wanted to know if, when renewing the certificate in the control center, should the same certificate be added in the scanners or is it automatic?

Thanks for your help