Messaging Gateway

Expand all | Collapse all

Installing a cert on SMG

  • 1.  Installing a cert on SMG

    Posted 10-25-2020 10:58 PM
    Hi all, we have an SMG appliance running 10.7.3, and so far we've been doing okay without TLS.  One of our vendors is now requiring us to use TLS 1.2 in all correspondence, and I want to make sure that I'm doing this right.  As it stands, the appliance has a hostname of, and the MTA hostname is  Outside DNS MX entries for this device point to  If I get a RapidSSL cert for, what exact steps do I need to perform to use this cert?  My perception, for at least receiving email with TLS, is: (1) generate CSR, (2) obtain cert, (3) import cert, (4) at the very least, go to ADMINISTRATION=>CONFIGURATION=>HOSTNAME=>SMTP=>INBOUND=> "accept TLS encryption".  Is there anything else?

    If I'm right, what is the benefit of "request client certificate"?


  • 2.  RE: Installing a cert on SMG

    Posted 10-25-2020 11:22 PM
    Forget request client certificate tick box. If you want to ensure tls, under protocols, domains, make a destination domain with the following options:

    - Require mail from domain to be tls
    - Require tls when sending

    Do this and then u will rock. Woohoo!!!...

  • 3.  RE: Installing a cert on SMG

    Broadcom Employee
    Posted 10-26-2020 12:35 PM
    Brian -

    You are correct with your procedure and steps. Request client certificate is used if you need to verify the certificate of the client system (sender) as well as using your certificate to secure the communication.

    Strategic Support Engineer