You can assign an MTA TLS certificate to a Scanner. You need to do this if you want the Scanner to send or accept TLS-encrypted messages for scanning of inbound or outbound mail, or for authentication.
You can use a self-signed or Certificate Authority signed certificate. You may also need to install an intermediate or root CA certificate, to ensure that the certificate chain is verifiable. For SMTP/TLS authentication, Symantec Messaging Gateway allows you to use a certificate authority-signed certificate even if there is not a complete path or chain from the client certificate to a certificate authority-signed certificate.
In the Control Center, click Administration > Hosts > Configuration.
Check the box beside the host that you want, and click Edit.
Click the SMTP tab.
Under either Inbound Mail Settings, Outbound Mail Settings, or Authentication Mail Settings, check Accept TLS encryption if you want this Scanner to scan for inbound or outbound TLS-encrypted email, respectively.
In the adjacent drop-down list, choose the MTA TLS certificate that is appropriate to the inbound, outbound, or authentication mail flow.
You can assign the same certificate to both inbound, outbound, and authentication TLS-encrypted email filtering.
Check Request client certificate if you want the inbound or authentication connecting client to present its TLS certificate for authentication.
Clients that do not authenticate successfully will not be allowed to send mail to the appliance.
This step is not applicable to outbound mail flow.
You may need to install an intermediate certificate authority-signed certificate or CA certificate to authenticate the connecting client's TLS certificate.
For authentication only, you can check Require TLS encryption.
Clients that do not use TLS encryption will not be able to authenticate.
Imported Document ID: HOWTO53474
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe