Messaging Gateway


Installing a cert on SMG

  • 1.  Installing a cert on SMG

    Posted 10-25-2020 10:58 PM
    Hi all, we have an SMG appliance running 10.7.3, and so far we've been doing okay without TLS.  One of our vendors is now requiring us to use TLS 1.2 in all correspondence, and I want to make sure that I'm doing this right.  As it stands, the appliance has a hostname of spamfilter.domain.com, and the MTA hostname is smtp.domain.com.  Outside DNS MX entries for this device point to smtp.domain.com.  If I get a RapidSSL cert for smtp.domain.com, what exact steps do I need to perform to use this cert?  My perception, for at least receiving email with TLS, is: (1) generate CSR, (2) obtain cert, (3) import cert, (4) at the very least, go to ADMINISTRATION=>CONFIGURATION=>HOSTNAME=>SMTP=>INBOUND=> "accept TLS encryption".  Is there anything else?

    If I'm right, what is the benefit of "request client certificate"?

    TIA,
    Brian


  • 2.  RE: Installing a cert on SMG

    Posted 10-25-2020 11:22 PM
    Forget the request client certificate tick box. If you want to ensure TLS, under protocols, domains, make a destination domain with the following options:

    - Require mail from domain to be TLS
    - Require TLS when sending

    Do this and then you will rock. Woohoo!!!...




  • 3.  RE: Installing a cert on SMG

    Broadcom Employee
    Posted 10-26-2020 12:35 PM
    Brian -

    You are correct with your procedure and steps. Request client certificate is used if you need to verify the certificate of the client system (sender) as well as using your certificate to secure the communication.

    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------
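
Added example, not part of the original thread: a check to run from an outside host after the four steps above, confirming that the inbound listener advertises STARTTLS, negotiates TLS 1.2 or later, and presents a certificate covering the MX name (smtp.domain.com) rather than only the appliance hostname (spamfilter.domain.com). The function names are this example's own, and smtp.domain.com is the placeholder hostname from the question.

```python
import smtplib
import ssl


def tls12_context():
    """Client context that verifies chain and hostname and refuses < TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def name_matches(pattern, host):
    """Exact match, or a wildcard that stands for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h


def cert_covers(cert, host):
    """cert is the dict returned by SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(s, host) for s in sans)


def check_inbound_tls(mx_host, port=25, timeout=15):
    """Connect as a sending MTA would and report what the listener offers."""
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False}
        # Raises an ssl.SSLError subclass on an older protocol version,
        # an untrusted chain, or a certificate that does not match mx_host.
        smtp.starttls(context=tls12_context())
        smtp.ehlo()
        return {
            "starttls": True,
            "protocol": smtp.sock.version(),
            "covers_mx": cert_covers(smtp.sock.getpeercert(), mx_host),
        }


if __name__ == "__main__":
    # Placeholder from the thread; replace with the real MX hostname.
    print(check_inbound_tls("smtp.domain.com"))
```

An exception from `starttls()` here usually points at a missing intermediate certificate in the import or a certificate issued for the wrong hostname.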