Boundary Encryption Service. MTA Setup Guide


Boundary Encryption MTA Setup Guide

Documentation version: 2.0

Legal Notice

Copyright 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

Symantec Corporation 350 Ellis Street Mountain View, CA

Clients are advised to seek specialist advice to ensure that they use the Symantec services in accordance with relevant legislation and regulations. Depending on jurisdiction, this may include (but is not limited to) data protection law, privacy law, telecommunications regulations, and employment law. In many jurisdictions, it is a requirement that users of the service are informed of or required to give consent to their being monitored or intercepted for the purpose of receiving the security services that are offered by Symantec. Due to local legislation, some features that are described in this documentation are not available in some countries.

Configuration of the Services remains your responsibility and entirely in your control. In certain countries it may be necessary to obtain the consent of individual personnel. Symantec advises you to always check local legislation prior to deploying a Symantec service. You should understand your company's requirements around electronic messaging policy and any regulatory obligations applicable to your industry and jurisdiction. Symantec can accept no liability for any civil or criminal liability that may be incurred by you as a result of the operation of the Service or the implementation of any advice that is provided hereto.

The documentation is provided "as is" and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be legally invalid. Symantec Corporation shall not be liable for incidental or consequential damages in connection with the furnishing, performance, or use of this documentation. The information that is contained in this documentation is subject to change without notice. Symantec may at its sole option vary these conditions of use by posting such revised terms to the website.

Technical support

If you need help on an aspect of the security services that is not covered by the online Help or administrator guides, contact your IT administrator or Support team. To find your Support team's contact details in the portal, click Support > Contact us.

Contents

Technical support

Chapter 1 BE MTA Setup
    About configuring a mail server to work with Boundary Encryption

Chapter 2 Microsoft Exchange Server 2003
    About Microsoft Exchange Server 2003
    Generating a certificate request
    Getting a certificate signed
    Installing the certificate
    Installing root certificates
    Confirming that the certificate is installed
    Configuring Exchange for outbound TLS Mail
    Testing secure communications
    Advanced configuration information

Chapter 3 Microsoft Exchange Server 2007 and 2010
    About Microsoft Exchange Server 2007 and 2010
    Generate a certificate request
    Getting a certificate signed
    Install the certificate
    Install root and intermediary certificates
    Activating the certificate
    Removing the default self-signed certificate
    Testing inbound TLS mail
    Configuring Exchange for outbound TLS mail
    Enforcing TLS on outbound mail

Chapter 4 Sendmail 8.12
    About Sendmail 8.12
    Checking for TLS support
    Generating a certificate request
    Installing certificates
    Testing secure communications with sendmail

Chapter 5 Domino 6.5
    About Domino 6.5
    Generating a certificate request
    Installing root certificates
    Installing the certificate
    Configuring Domino
    Testing secure communications

Chapter 6 Generic MTA
    Generic MTA

Chapter 1 BE MTA Setup

This chapter includes the following topics:

- About configuring a mail server to work with Boundary Encryption

About configuring a mail server to work with Boundary Encryption

Boundary Encryption lets you send and receive secure email between your company and your business partners through the use of digital certificates. These certificates are used to verify the identity of mail servers that send and receive mail. Then the mail is encrypted using the TLS (Transport Layer Security) protocol as it is sent over the Internet.

For further details on the service and before attempting any of the configurations, read the FAQs about Boundary Encryption.

Ensure that your organization is configured to send your outbound email through the Symantec.cloud infrastructure. You can do this in the portal. Navigate to Services > Email Services > Outbound Routes.

The key steps to enabling the Boundary Encryption Service are:

- Complete the Boundary Encryption provisioning forms.
- Generate a certificate request for your MTA (Message Transfer Agent). An MTA is the component of a mail server that receives, routes, and delivers email.
- Get the certificate signed.
- Install the certificate on the MTA.
- Install the root certificate.
- Configure the MTA to send and receive mail encrypted by TLS either for Secure Connect or for a defined set of business partners to a Symantec.cloud Boundary Encryption server.
- Test that mail is encrypted and that TLS is used.

Once the Boundary Encryption Client and Business Partner Information forms are completed, the configuration steps depend on the type of mail server software in use. We provide instructions for the mail software products that are listed in the following table.

Table 1-1 Mail software products covered in this guide

    MTA product                                Further information
    Microsoft Exchange Server 2003             See About Microsoft Exchange Server 2003 on page 8.
    Microsoft Exchange Server 2007 and 2010    See About Microsoft Exchange Server 2007 and 2010 on page 30.
    Sendmail 8.12                              See About Sendmail 8.12 on page 38.
    Domino 6.5                                 See About Domino 6.5 on page 43.

If your mail server software is not on this list, you may still be able to use the service. If you are a Symantec.cloud client, check with Client Services to see if this is possible. If you are implementing this service at the request of your business partner who is a Symantec.cloud client, please confirm this with your business partner.

Note: These instructions describe the steps to configure a mail server to work with Boundary Encryption. They do not cover the initial setup of a mail server and do not address all scenarios. You may need to customize these instructions to work with your own particular configuration.

Chapter 2 Microsoft Exchange Server 2003

This chapter includes the following topics:

- About Microsoft Exchange Server 2003
- Generating a certificate request
- Getting a certificate signed
- Installing the certificate
- Installing root certificates
- Confirming that the certificate is installed
- Configuring Exchange for outbound TLS Mail
- Testing secure communications
- Advanced configuration information

About Microsoft Exchange Server 2003

The key steps to configuring Exchange 2003 with TLS are:

- Generate a certificate request
- Have the certificate signed by a public CA
- Install the certificate
- Install root certificates
- Check that the certificate is installed
- Configure outbound communications by creating a new connector that uses TLS
- Test proper operation, both with TLS and non-TLS mail.

Generating a certificate request

Generate a certificate request by enabling certificates on the virtual server used for routing SMTP mail to the Internet. Normally this is called "Default SMTP Virtual Server".

Note: If you use more than one virtual server, it is important that the certificate request is originated from the one that handles the TLS communication. This may or may not be the default SMTP virtual server. (For further information on creating virtual servers and allocating IP addresses and port numbers, please see the Microsoft Exchange support information.)

To generate a certificate request

1 In the left pane of Exchange System Manager, open the Servers container.
2 Click the Exchange Server computer that you want to configure, double-click the Protocols container and then double-click the SMTP container.
3 Right-click the appropriate SMTP virtual server object, and then click Properties.
4 Click the Access tab, and then click the Certificate button.
5 After the IIS Certificate Wizard starts, click Create a new certificate, and then click Next.
6 Click Prepare the request now, but send it later, and then click Next.

7 Either assign an appropriate name to the certificate or accept the default setting of name of virtual server, select a bit length, and then click Next. Symantec.cloud recommends a key length of 2048 bits. Longer key lengths affect performance and may be more expensive.
8 Type the organization and organizational unit information for the CA from which you want to request a certificate, and then click Next. This information is typically available from the CA's Web site or the information is sent to you when you register with the CA.
9 Enter the common name for your server, and then click Next. This name must be the name that the server returns in response to the EHLO command. This is normally the fully-qualified domain name. You can check it by telnetting to port 25 of the IP address that the virtual server is running on and typing EHLO SMTP. It is also recommended that this be registered in DNS and externally resolvable to the IP address that is linked to the virtual server. In DNS, only an A (Address) record is needed; do not create an MX (Mail Exchanger) record. You can change the name returned by the EHLO command by editing the Fully-qualified domain name on the Advanced Delivery dialog box in the virtual server properties. This may be useful if there is a DNS name clash or a problem with the certificate name.
10 On the Geographical Information page, type the Country/Region, State/province, and City/locality information as appropriate for your organization, and then click Next.
11 Type a name and a path for the location in which you want to create the certificate or accept the default file name.
12 Click Next.
13 Review the information on the Request File Summary page, and then click Next.
14 The final page confirms that a certificate with the specified file name has been created. The default setting is drive name:\certreq.txt.
15 Click Finish.

Getting a certificate signed

The certificate request file needs to be signed by a Certification Authority (CA) trusted by Symantec.cloud. This certificate signing process may need to be repeated for each of your mail servers.

Note: This process varies from vendor to vendor. For information on getting the certificate signed, see your vendor's support documentation.

We recommend that you obtain 2,048-bit certificates from a recognized public CA. Ask your CA to ensure that the SSL-Client X.509v3 extension is included in your certificate.

Table 2-1 The CAs trusted by Symantec.cloud

    ABA.ECOM       GlobalSign          QuoVadis            Thawte
    AddTrust       Go Daddy            RSA Data Security   Trustis FPS
    Comodo         GEOTrust            SecureNet           Usertrust
    DigiCert Inc   GTE CyberTrust      Starfield Tech      Valicert
    DST            IPS Servidores      StartCom            Verisign
    Entrust.net    Netlock             Tata
    Equifax        Network Solutions   TC TrustCenter

See About configuring a mail server to work with Boundary Encryption on page 6.
See Generating a certificate request on page 9.

Installing the certificate

Send the certificate request file that you created in the previous section to your CA. Alternatively, your CA may have a Web-based interface that permits you to submit the certificate request. You should receive a file that has a .cer file name extension. After you receive this file, restart the Certificate Wizard to install this certificate.

Refer to the FAQs about Boundary Encryption Service for important information about certificates.

Note: After completing the following procedure, you must restart the SMTP virtual server responsible for the TLS connection with Symantec.cloud. Note that restarting the virtual server may mean a temporary loss of connectivity to the Symantec.cloud infrastructure.

1 On the virtual server that you used in the previous section, click Properties, click the Access tab, and then click the Certificate button.
2 After the Certificate Wizard restarts and you receive notification that you have a pending certificate request, click Next.
3 On the Pending Certificate Request page, click Process the pending request and install the certificate, and then click Next. In the Process a Pending Request, type the path to the certificate that you received from the external CA.
4 Review the Certificate Summary page, which shows the information that is contained in the certificate: who issued the certificate, when the certificate expires, what the certificate is to be used for, and the certificate friendly name. Make sure this is the correct certificate and then click Next.
5 After you receive notification that the certificate is successfully installed on the virtual server, click Finish.

For the changes to take effect, you must restart the SMTP virtual server responsible for the TLS connection with Symantec.cloud.

Installing root certificates

To avoid any problems with certificate chain validation, make sure that CA-trusted root certificates are installed for both your own certificate and that of Symantec.cloud. Many trusted root certificates are installed by default on Windows. For Windows 2000 Server, this list is kept up to date by Windows Update. For Windows Server 2003 and 2008, selected trusted root certificates are automatically installed when you visit a Web site secured by a certificate in that chain. You can see which certificates are installed through the following procedure.

To install the root certificate

1 In a Microsoft Management Console window, on the Start menu, click Run. Type mmc and click OK. A blank MMC console is created.
2 Click File > Add/Remove Snap-in > Add and then select the Certificates Snap-in.
3 Click Add. You are prompted to choose the account that the snap-in will manage. Choose Computer Account, click Next, leave Local computer selected and click Finish, Close, and then OK.
4 Expand the Certificates container in the left hand pane and browse to Trusted Root Certification Authorities then Certificates. Make sure that the root certificate for your own CA and the root certificate for Trustis are present in the list.
5 Consult your own CA for advice if you suspect that their root certificate is not already present. If the Trustis FPS Root CA is not listed, the certificate is available from: Download the file in DER format and save it with a .cer extension. Double-click the .cer file and the certificate is displayed.
6 Click Install Certificate to start the Certificate Import Wizard. Leave Automatically select the certificate store based on the type of certificate selected, click Next, and then click Finish. A message box pops up to say that the import was successful. Refresh the view in the MMC by pressing F5 and verify that the certificate is now present.
7 Close the MMC without saving the console settings.

Confirming that the certificate is installed

To confirm that the certificate is installed

1 On the Start menu, click All Programs > Microsoft Exchange > System Manager.
2 In the left pane of Exchange System Manager, double-click Servers.
3 Click the Exchange Server computer that you want to configure, double-click the Protocols container and then double-click the SMTP container.
4 Right-click the virtual server object that the certificate has been generated and installed for, and then click Properties.
5 Click the Access tab, and check that the Communication button is active.

Note: If the Communication button is grayed out, the certificate is not installed correctly.

Configuring Exchange for outbound TLS Mail

We recommend that you create an SMTP connector to handle outbound TLS delivery for the domains you have nominated to use for the Boundary Encryption service. This option is preferred over using the existing SMTP virtual server.

To create a new connector

1 In the left pane of Exchange System Manager, navigate to Administrative Groups. Right click on Connectors and select New > SMTP Connector. The Properties dialog of a new SMTP connector is displayed.
2 Type a meaningful name into the Name field such as "Symantec.cloud Boundary Encryption".
3 Select Forward all mail through this connector to the following smart hosts and type in your Symantec.cloud outbound cluster hostname. You should have received this in your New Customer confirmation email. It is in the format: clusterxout.xx.messagelabs.com, where the x characters need to be modified to your specific hostname.
4 Add the local bridgehead server by clicking Add and selecting the virtual server that is associated with your certificate. Click OK.
5 On the Address Space tab, click Add, select SMTP, and click OK.
6 If you are configuring Exchange for:
  - The Policy Based Encryption service or the Boundary Encryption service over Secure Connect, go on to step 8.
  - Just the Boundary Encryption service for your business partners, click Add, select SMTP and enter the domain name of your business partner. Click OK. Repeat this step for all of your business partners.
7 Select the existing SMTP entry (with a * in the address column), click Remove, and confirm that you want to remove the entry.
8 Click the Advanced tab and then click Outbound Security. Select the TLS encryption checkbox, so that it is checked. Click OK twice to complete the connector configuration.

Testing secure communications

Exchange should now be tested to verify that secure communications are taking place. You should also verify that insecure communications to organizations outside the Secure Private Network continue to function normally. To do so, send email to an unsecured address and wait for the reply mail.

To test secure connection

1 Telnet to port 25 of the IP address that the virtual server is running on.
2 Type in EHLO and press Enter. You see a list of SMTP commands.
3 Type STARTTLS. The server responds with OK.
4 Verify with Symantec.cloud Client Services that the set up for your service has been completed.
5 Turn on logging. In Exchange System Manager, right-click the virtual server that you created. Check Enable Logging. Edit the Properties to determine the log file directory. Normally this is under C:\WINDOWS\System32\LogFiles. Send or receive some email with a partner using the Boundary Encryption Service and then review the log file. If Exchange is encrypting the mail with TLS, the STARTTLS verb is visible in the logs.
6 Send an email to a server that is known to offer TLS. Check the message headers for an indication that the message was in fact encrypted. Mail servers relaying the message generally add a header detailing the type of encryption used.
7 Optionally, you can use Network Monitor to capture traffic going to and from port 25 of the IP address that the virtual server is running on, to verify that the information is encrypted and that the content is not in plain text. For more information about setting up and using Network Monitor, see "Monitoring Network Performance" in the Microsoft Windows Server 2003 Resource Kit Server Operations Guide or refer to Microsoft Knowledgebase article Q (

Advanced configuration information

By default, Exchange does not check certificate chain validity. This check is recommended for maximum security. To enable this, you must edit the metabase.

Note: Exercise extreme caution when editing the metabase; using it incorrectly can cause serious problems requiring you to reinstall Exchange or the operating system. Back up the metabase before you start.

If your server is running IIS 5.0, use MetaEdit 2.2, obtainable from the following URL:

If your server is running IIS 6.0, use Metabase Explorer which can be found in the IIS 6.0 Resource Kit. This is available for download from Microsoft at the following link: 782c25d3-0f ba36-f0d8f351d398/iis60rkt.exe

Review the instructions that come with the tool and then add or change the following metakeys:

    smtpsvc/{vsi#}/verifysslcertissuer 1
    smtpsvc/{vsi#}/verifysslcertsubject 1

Note: If the VerifySSLCertSubject check is enforced, then Exchange tries to match the subject with the smarthost name entry on the SMTP connector pointing to the remote TLS enabled server. This ensures that the Symantec.cloud server is identified correctly.
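The header check in step 6 of the test procedure can be scripted. The following is an added example, not part of the original guide: it walks the Received headers of a message in delivery order and flags hops that carry no TLS indication. The marker patterns are heuristics for common MTA header formats, and the host names and sample message are constructed.

```python
import re
from email import message_from_string

# Heuristic markers that common MTAs write into Received headers for TLS hops.
# ESMTPS and ESMTPSA are the RFC 3848 "with" keywords for SMTP over STARTTLS.
TLS_MARKER = re.compile(
    r"\(TLS\)"                # Exchange: "with Microsoft SMTP Server (TLS)"
    r"|version=TLS"           # sendmail: "(version=TLSv1/SSLv3 cipher=...)"
    r"|using TLS"             # Postfix: "(using TLSv1.2 with cipher ...)"
    r"|\bwith\s+ESMTPSA?\b",  # RFC 3848 protocol keyword
    re.IGNORECASE,
)

# Constructed sample message: two relay hops, only the last one over TLS.
SAMPLE_MESSAGE = "\n".join([
    "Received: from mail1.partner.example (mail1.partner.example [198.51.100.7])",
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))",
    "\tby mx.yourdomain.com (Postfix) with ESMTPS id 4ABCD123",
    "\tfor <user@yourdomain.com>; Tue, 5 Mar 2013 10:00:03 +0000",
    "Received: from gateway.partner.example ([198.51.100.5])",
    "\tby mail1.partner.example with ESMTP id r25A01xx;",
    "\tTue, 5 Mar 2013 10:00:01 +0000",
    "From: sender@partner.example",
    "To: user@yourdomain.com",
    "Subject: TLS test",
    "",
    "test body",
])


def received_hops(raw_message):
    """Return the relay hops in delivery order as dicts with from, by, tls."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its own header, so the list is newest first.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", text)
        receiver = re.search(r"\bby\s+(\S+)", text)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1).rstrip(";") if receiver else None,
            "tls": bool(TLS_MARKER.search(text)),
        })
    return hops


def hops_without_tls(raw_message, trusted_receivers):
    """Return hops recorded by our own servers that show no TLS marker.

    Only headers added by MTAs you control are reliable evidence; headers
    written by earlier hops can be forged, so they are ignored here.
    """
    return [hop for hop in received_hops(raw_message)
            if hop["by"] in trusted_receivers and not hop["tls"]]


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_MESSAGE):
        state = "TLS" if hop["tls"] else "no TLS marker"
        print("%s -> %s: %s" % (hop["from"], hop["by"], state))
```

A missing marker is a reason to check the SMTP log for that hop, not proof of cleartext delivery, because not every MTA records the encryption state in its Received header.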

Chapter 3 Microsoft Exchange Server 2007 and 2010

This chapter includes the following topics:

- About Microsoft Exchange Server 2007 and 2010
- Generate a certificate request
- Getting a certificate signed
- Install the certificate
- Install root and intermediary certificates
- Activating the certificate
- Removing the default self-signed certificate
- Testing inbound TLS mail
- Configuring Exchange for outbound TLS mail

About Microsoft Exchange Server 2007 and 2010

The key steps to configuring Exchange with TLS are:

- Generate a certificate request
- Have the certificate signed by a public CA
- Install root certificates
- Install the certificate
- Activate the certificate for the required Exchange services
- Remove the default self-signed certificate
- Finalize TLS configuration
- Enforce TLS on outbound email (optional)

Note: If you use Microsoft Exchange 2010, you can complete the certification tasks using the Exchange Certificate Wizard.

To access the Microsoft 2010 Exchange Certificate wizard

1 In the console tree, click Server Configuration.
2 In the action pane, click New Exchange Certificate to open the wizard. This wizard helps you determine the type of certificates you need for your Exchange organization.
3 Complete the screens of the wizard as required. For full instructions on using the wizard, see the following URL:

Generate a certificate request

A self-signed certificate is installed with each Exchange 2007 installation. For the Exchange server to communicate with Symantec.cloud over TLS, this certificate needs to be replaced. The certificate request must be signed by a supported certificate authority (CA). The steps for generating the certificate request, installing, and activating the certificate for TLS services are detailed below.

Note: If you already have a signed certificate from a previous version of Exchange, skip to the following section: See Install the certificate on page 35.

To view available certificates:

In the Exchange Management shell, use the command:

    get-exchangecertificate

The two thumbprints relate to the default self-signed certificates installed as part of the Exchange 2007 installation.

Note: The Services column displays the self-signed certificate currently being used for IMAP, POP, IIS, and SMTP (IP.WS).

To generate a new certificate request:

In the Exchange Management shell, use the command new-exchangecertificate followed by:

    -domainname                  Followed by a comma-separated list of all names (SANs) that are represented within the environment.
                                 Note: Include multiple SANs to ensure compatibility with both internal and external secure communication. Ensure that you include at least the name of the SMTP server that will communicate with Symantec.cloud, such as mail.yourdomain.com. This is typically the name advertised on the SMTP banner of the server.
    -FriendlyName                Followed by the friendly name. This is an arbitrary value for your certificate.
    -generaterequest:$true       This confirms that you are asking for a certificate to be generated.
    -keysize                     Followed by the key size of your certificate, for example 2048. (We recommend that you obtain 2,048-bit certificates.)
    -path                        This is the path to the saved certificate request.
    -privatekeyexportable:$true  This defines that the private key should be exportable.
    -subjectname                 This is the X400 name on the certificate.

For example:

    new-exchangecertificate -domainname yourdomain.com, yourdomain.local, netbiosname, mailserver.yourdomain.com -FriendlyName yourcompanyfriendlyname -generaterequest:$true -keysize 2048 -path pathtofile -privatekeyexportable:$true -subjectname X400address

Note: The text in italics above needs to be changed to the data relevant to your environment.

The following is an example request:

The first thumbprint is the certificate request that has just been generated.

Getting a certificate signed

The certificate request file needs to be signed by a Certification Authority (CA) trusted by Symantec.cloud. This certificate signing process may need to be repeated for each of your mail servers.

Note: This process varies from vendor to vendor. For information on getting the certificate signed, see your vendor's support documentation.

We recommend that you obtain 2,048-bit certificates from a recognized public CA. Ask your CA to ensure that the SSL-Client X.509v3 extension is included in your certificate.

Table 3-1 The CAs trusted by Symantec.cloud

    ABA.ECOM       GlobalSign          QuoVadis            Thawte
    AddTrust       Go Daddy            RSA Data Security   Trustis FPS
    Comodo         GEOTrust            SecureNet           Usertrust
    DigiCert Inc   GTE CyberTrust      Starfield Tech      Valicert
    DST            IPS Servidores      StartCom            Verisign
    Entrust.net    Netlock             Tata
    Equifax        Network Solutions   TC TrustCenter

See About configuring a mail server to work with Boundary Encryption on page 6.
See Generating a certificate request on page 9.

Install the certificate

Once the signed certificate has been obtained from a trusted CA, it must be installed using the Exchange Management Shell.

To install the certificate

In the Exchange Management shell, enter the command Import-ExchangeCertificate -path followed by the path and file name of the certificate:

Install root and intermediary certificates

For information on installation of root and intermediary certificates from your vendor, follow the instructions for Exchange. These certificates cannot be installed using the Exchange Management Console.

See Installing root certificates on page 16.

Activating the certificate

The signed certificate must be activated for the necessary Exchange Services. In the example below, all services are enabled for this certificate. At least SMTP is required for TLS communications with Symantec.cloud.

Removing the default self-signed certificate

To remove the default self-signed certificate

Remove the default signed certificate:

The original self-signed certificate is now removed. The newly installed certificate signed by a trusted third party shown below can now send and receive secure email with Symantec.cloud for the services advertised.

Testing inbound TLS mail

To test inbound TLS connectivity once the certificate installation process has concluded, contact Symantec.cloud.

Configuring Exchange for outbound TLS mail

Note: To enforce TLS on your outbound mail, see the following section: See Enforcing TLS on outbound mail on page 37.

To deliver outbound TLS mail to Symantec.cloud

1 Open the Exchange Management Console and navigate to the Organization Configuration.
2 Within your transport node, create a send connector.
3 Modify the properties of the connector to represent the address space. To use this connector for all outbound mail use *.
4 On the Network tab, click Add and enter the smart host setting for your region (as provided to you by Symantec.cloud). This is in the format: clusterxout.yy.messagelabs.com, where x should be replaced with the appropriate cluster number and yy with the appropriate region code.
5 Click Apply.
6 Highlight the required smarthost in the list.
7 Click OK.

Enforcing TLS on outbound mail

To enforce TLS on the send connector

In the Exchange Management shell, enter the command:

    Set-SendConnector "Outbound " -RequireTLS:$True

Where "Outbound " is the name of the send connector being used for the communication with Symantec.cloud. This can be verified using the command:

    get-sendconnector list

To test outbound TLS connectivity, contact Symantec.cloud.

Chapter 4 Sendmail 8.12

This chapter includes the following topics:

- About Sendmail 8.12
- Checking for TLS support
- Generating a certificate request
- Installing certificates
- Testing secure communications with sendmail

About Sendmail 8.12

Note: For instructions on other versions of Sendmail, see the Sendmail Support article SMTP STARTTLS in sendmail/secure Switch:

In the following instructions, names starting with conf refer to m4 variable names used in a .mc file. OpenSSL must be installed on the server running sendmail.

Checking for TLS support

Sendmail 8.12 (and 8.11) supports TLS as defined in RFC. It may need to be recompiled with STARTTLS support if this has not already been done. Type the following command:

    sendmail -d0 < /dev/null | grep -i tls

If TLS is supported, the STARTTLS verb is visible in the output. If not, recompile sendmail with STARTTLS support via a custom site.config.m4. OpenSSL must be installed on the system in question first. Alternatively, STARTTLS may be available in a special package or port of sendmail, depending on the vendor in question.

Generating a certificate request

Check that your preferred certificate authority is listed in the following section or choose one from that list: See Getting a certificate signed on page 34.

Most major CAs have detailed instructions on how to generate the Certificate Signing Request (CSR). See their Web sites for details. Make sure that the common name is the fully qualified domain name of your host.

Note: For sendmail to start up unattended, the private key must not be encrypted. Otherwise, you must enter the passphrase each time sendmail is started as server or client.

Installing certificates

Note: If you install a new certificate (including a renewed certificate), you should restart the Sendmail daemon after you install the certificate. This is because Sendmail caches the certificate and needs a restart to clear the cached certificate and pick up the new one.

To install a certificate

1 Install the CA certificate of your own CA into confCACERT.

  Note: Do not list too many root CA certificates in that file. Otherwise, OpenSSL may not work as expected, and the TLS handshake will fail.

2 Install the CA certificate of Symantec.cloud's CA, Trustis, into confCACERT_PATH with symbolic links of its hash pointing to it:

    C=FileName_of_CA_Certificate
    ln -s $C `openssl x509 -noout -hash < $C`.0

  (or sslc instead of openssl)

  This CA certificate is required to successfully authenticate the Symantec.cloud infrastructure. The signature of the certificate presented by Symantec.cloud is checked against this CA. If the CA issued the certificate, the authentication is considered successful.

3 Install the certificate that you generated as confSERVER_CERT and the private key as confSERVER_KEY. Make sure that the file is only readable by root or the trusted user. For simplicity, use the same file names for confCLIENT_CERT and confCLIENT_KEY, respectively. See Generating a certificate request on page 39.

  If your CA used an Intermediate CA to sign your certificate, then you should include the Intermediate CA certificates in the file pointed to by confSERVER_CERT along with your signed certificate. Your signed certificate should be at the top of the file, with any Intermediate CA certificates following it; for example:

    Signed-Certificate
    First-Intermediate-CA-Certificate
    Second-Intermediate-CA-Certificate
    <EOF>

  where <EOF> is the end of file.

4 If you run Sendmail 8.11 or later and your OS does not have /dev/urandom, then you need to set up a source to seed the pseudo-random number generator. For Solaris 7 and 8, you may assess whether a suitable kernel module for /dev/random is available or see whether Sun has a package called SUNWski for your operating system.

  It is strongly advised to use at least EGD (Entropy Gathering Daemon), compile sendmail with the flag EGD, and point confRAND_FILE to the socket used by EGD (use egd: as a prefix). If neither /dev/urandom nor EGD is available, make sure that useful random data is available all the time in confRAND_FILE (use file: as a prefix). If the file has not been modified in the last 10 minutes before it is to be used by sendmail, the content is considered obsolete. In this case, the pseudo-random number generator for TLS is only seeded with other random data if the DontBlameSendmail option InsufficientEntropy is set. This is almost always not sufficient for security.

5 Set the following variables in sendmail.mc and then build the configuration file sendmail.cf.

    define(`confCACERT_PATH', `/etc/mail/certs')dnl
    define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
    define(`confSERVER_CERT', `/etc/mail/certs/mycert.pem')dnl
    define(`confSERVER_KEY', `/etc/mail/certs/mykey.pem')dnl
    define(`confCLIENT_CERT', `/etc/mail/certs/mycert.pem')dnl
    define(`confCLIENT_KEY', `/etc/mail/certs/mykey.pem')dnl

6 Restart the Sendmail daemon.

Testing secure communications with sendmail

When the previous procedures have been completed, Sendmail is configured to use secure communications. It is ready to send mail via TLS to any mail server that offers it, as well as offering TLS to any mail server that connects as a client. You can test the connection.
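Before running the connection test, the files installed by the procedure above can be checked from the shell against its requirements: a private key that is unencrypted and closed to group and others, the signed certificate first in the certificate file, and a hash link for the CA certificate in the CA directory. The functions below are an added example and are not part of the original guide; the function names are hypothetical and all file paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the guide): pre-flight checks for the files named by
# confSERVER_CERT, confSERVER_KEY, confCACERT and confCACERT_PATH.
# usage: sh thisfile server_cert server_key ca_file ca_dir

# True when neither group nor others have any permission on the key file.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# True when the PEM key carries no passphrase (needed for unattended start-up).
key_is_unencrypted() {
    ! grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Number of certificates in a PEM file (signed certificate plus intermediates).
cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# True when the FIRST certificate in the file belongs to the private key,
# i.e. the signed certificate is at the top and intermediates follow it.
# openssl x509 reads only the first certificate of a PEM file.
first_cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when ca_dir holds a <hash>.N entry that is the same certificate as
# ca_file; OpenSSL looks CAs up in the directory by this hashed name.
ca_hash_link_ok() {
    hash=$(openssl x509 -in "$1" -noout -hash) || return 2
    want=$(openssl x509 -in "$1" -noout -fingerprint) || return 2
    for link in "$2/$hash".[0-9]; do
        [ -e "$link" ] || continue
        [ "$(openssl x509 -in "$link" -noout -fingerprint)" = "$want" ] && return 0
    done
    return 1
}

# Run every check and report; returns non-zero if any check fails.
preflight() {
    rc=0
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group or others"; rc=1; }
    key_is_unencrypted "$2" || { echo "FAIL: $2 is passphrase-protected"; rc=1; }
    first_cert_matches_key "$1" "$2" ||
        { echo "FAIL: first certificate in $1 does not match $2"; rc=1; }
    ca_hash_link_ok "$3" "$4" || { echo "FAIL: no hash link for $3 in $4"; rc=1; }
    echo "certificates in $1: $(cert_count "$1")"
    return $rc
}

if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

The permission check looks only at group and other bits; ownership by root or the trusted user still has to be confirmed separately.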

To test the connection

1 Make sure that the sendmail daemon is running, then telnet to port 25 of the server (i.e. localhost if you are on the sendmail server).

2 Issue the SMTP command EHLO SMTP and look for 250-STARTTLS in the response. If this option is not given, check your log file to determine if any security problems are logged, e.g. unsafe files. If this does not reveal any problems, increase the LogLevel to 14 and try again.

3 The configuration should now be tested. Send an email to a server that is known to offer TLS. Check the message headers and the sendmail log files for an indication that the message was in fact encrypted. Mail servers relaying the message generally add a header detailing the type of encryption used.
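For the log check in step 3, the sendmail log can be triaged with a short script instead of being read by eye. This is an added example, not part of the original guide: it assumes sendmail's usual STARTTLS=client log line with relay, verify, cipher and bits fields; the log lines and host names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): list outbound TLS handshakes recorded by
# sendmail, relays whose certificate did not verify, and relays that received
# mail without any recorded handshake.

# Constructed sample in the usual sendmail syslog layout (not real traffic).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 mta1 sm-mta[4101]: STARTTLS=client, relay=cluster.example-filter.test., version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar  3 10:15:02 mta1 sm-mta[4101]: r23AF0x1004099: to=<a@partner.test>, delay=00:00:02, mailer=esmtp, relay=cluster.example-filter.test. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
Mar  3 10:16:40 mta1 sm-mta[4120]: STARTTLS=client, relay=mx.selfsigned.test., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar  3 10:16:41 mta1 sm-mta[4120]: r23AGdx1004118: to=<b@selfsigned.test>, delay=00:00:01, mailer=esmtp, relay=mx.selfsigned.test. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Mar  3 10:18:09 mta1 sm-mta[4133]: r23AI7x1004131: to=<c@plain.test>, delay=00:00:01, mailer=esmtp, relay=mx.plain.test. [192.0.2.30], dsn=2.0.0, stat=Sent (ok)
Mar  3 10:19:30 mta1 sm-mta[4150]: STARTTLS=server, relay=client.partner.test [192.0.2.40], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
EOF
}

# awk helper: value of "key=" on the current line, trailing dot removed.
AWK_VAL='
function val(key,    s) {
    if (!match($0, key "=[^, ]+")) return "?"
    s = substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
    sub(/\.$/, "", s)
    return s
}'

# One line per outbound handshake: relay verify cipher bits
outbound_tls() {
    awk "$AWK_VAL"'
    / STARTTLS=client, / { print val("relay"), val("verify"), val("cipher"), val("bits") }'
}

# Relays that negotiated TLS but whose certificate did not verify against the
# configured CAs (verify is anything other than OK).
unverified_relays() {
    outbound_tls | awk '$2 != "OK" { print $1 }' | sort -u
}

# Relays that accepted mail over SMTP with no STARTTLS=client line anywhere in
# the log. Heuristic: a relay that used TLS only some of the time is not listed.
cleartext_relays() {
    awk "$AWK_VAL"'
    / STARTTLS=client, /          { tls[val("relay")] = 1; next }
    /mailer=esmtp/ && /stat=Sent/ { sent[val("relay")] = 1 }
    END { for (r in sent) if (!(r in tls)) print r }' | sort
}

# With a log file argument, report on it; otherwise on the constructed sample.
log_source() { if [ -n "${1:-}" ]; then cat "$1"; else sample_log; fi; }

echo "outbound handshakes:"
log_source "$@" | outbound_tls
echo "certificate not verified: $(log_source "$@" | unverified_relays | tr '\n' ' ')"
echo "no TLS handshake seen:    $(log_source "$@" | cleartext_relays | tr '\n' ' ')"
```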

Chapter 5 Domino 6.5

This chapter includes the following topics:

About Domino 6.5
Generating a certificate request
Installing root certificates
Installing the certificate
Configuring Domino
Testing secure communications

About Domino 6.5

For details of other versions of Domino, see the Domino Support articles:

How to configure Domino for secure SMTP sessions using STARTTLS
How to set up SSL using a third-party certificate authority (CA):

Generating a certificate request

The first stage in configuring Domino to use TLS is to generate the certificate that is used to encrypt traffic.

To generate a certificate request

1 Start the Domino Administrator application and log on.

2 Choose File > Database > Open. The Open Database window appears.

3 Select the server name to administer (not Local) from the drop-down list.

4 Scroll down, select the Server Certificate Admin database, and click Open. If Server Certificate Admin is not present, you may need to install and configure the Domino web component.

5 Click Create Key Rings & Certificates in the left pane.

6 Click 1. Create Key Ring.

7 The Create Key Ring page appears.

8 In the Key Ring File Name field, type and note the name of the key ring file and the location where you want to store your key ring file.

9 Enter and confirm the password in the relevant fields.

10 Select the required Key Size from the drop-down list. We recommend a key length of 2048 bits, if supported. Longer key lengths affect performance and may be more expensive.

11 Complete the Distinguished Name section. The Common Name must be the same as the one returned by the server by telnetting to port 25 of the server and issuing an EHLO SMTP command.

12 Click the Create Key Ring button. The Key Ring Created window appears.

13 Click OK.

14 Click 2. Create Certificate Request. The Create Server Certificate Request page appears.

15 Ensure the same Key Ring File Name is entered as in step 8.

16 In the Log Certificate Request drop-down list, click Yes.

17 Select either the Paste into form on CA's site or Send to CA by e-mail option as appropriate. (If you select this last option, complete the additional fields that appear as appropriate.)

18 Click the Create Certificate Request button.

19 A dialog box appears to enter your password. Enter the password entered in step 9 and click OK.

20 If you selected the paste option, then a Certificate Request Created window appears. Highlight all the text in the lower text area including the BEGIN and END headers (note: you may need to highlight beyond the end of the visible text area). Copy the text to the clipboard as appropriate (on Windows use Ctrl+C or right-click on the highlighted text and choose Copy). Paste the text into the appropriate place as directed by your certificate authority. This often is a page on the CA's Web site, but can be a text file or e-mail.

21 If you selected the e-mail option, then a Certificate Request Created and Mailed window appears.

22 Click OK. The certificate request process is complete.

Installing root certificates

The next stage is to install CA Trusted Root certificates into the server key ring. Up to two certificates are required: one from Symantec.cloud's CA, Trustis, and one from your CA, if this is not Trustis. This process can be started at any time.

The Trustis FPS root certificate can be obtained from: Select the certificate in PEM format. Your CA will make their root certificate available for download; contact them for further details.

To install the root certificate

1 Return to the Create Key Rings & Certificates screen (Steps 1 to 5 in the section on Generating a certificate request).

2 Click 3. Install Trusted Root Certificate Into Key Ring. The Install Trusted Root Certificate page appears.

3 Ensure that the correct key ring file name location is selected (as entered in Step 8 of the section on Generating a certificate request). Enter a meaningful name in the Certificate Label field.

4 Select either the File or Clipboard Certificate source options:

  a. If you select Clipboard, paste the certificate (including BEGIN and END headers) into the Certificate from Clipboard field, then click Merge Certificate into Key Ring. A dialog box appears to enter your password. Enter the password entered in step 9 of the section on Generating a certificate request and click OK.

  b. If you select File, enter the full path and file name of the received certificate file. Click Merge Certificate into Key Ring. A dialog box appears to enter your password. Enter the password entered in step 9 of the section on Generating a certificate request and click OK.

5 After either of the previous steps, a Merge Signed Certificate Confirmation window appears. Click OK to import the certificate.

See Generating a certificate request on page 43.

Installing the certificate

The next stage is to install the certificate into the key ring. This process is started once the certificate has been received from the CA.

To install the certificate

1 When you receive the signed certificate from the CA, return to the Create Key Rings & Certificates screen (Steps 1 to 5 in the section on Generating a certificate request).

2 Click 4. Install Certificate Into Key Ring. The Merge Certificate Into Key Ring page appears.

3 Ensure that the correct key ring file name location is selected, as entered in step 8 of the section on Generating a certificate request.

4 Select either the File or Clipboard Certificate source options:

  a. If you select Clipboard, paste the certificate (including BEGIN and END headers) into the Certificate from Clipboard field, then click Merge Certificate into Key Ring. A dialog box appears to enter your password. Enter the password entered in step 9 of the section on Generating a certificate request and click OK.

  b. If you select File, enter the full path and file name of the received certificate file. Click Merge Certificate into Key Ring. A dialog box appears to enter your password. Enter the password entered in step 9 of the section on Generating a certificate request and click OK.

5 After either of the previous steps, a Merge Signed Certificate Confirmation window appears. Click the OK button to import the certificate.

6 If an Unrecognized Certificate Authority signature appears, you must add the CA root certificate first. Ensure that the instructions in the previous section, Installing root certificates, have been completed successfully.

7 Two files now exist for the key ring, with the name and location entered in step 8 of the section on Generating a certificate request. One file has a .kyr extension and one file an .sth extension. Transfer both these files to the Lotus Domino server data directory. You need to know where this is (e.g. /notes/data or /local/notesdata). Ensure that the files are transferred in binary mode if using FTP. Ensure that the files are owned by the notes user and group as per your Domino server settings (e.g. the notes user and notes group). You can do this on UNIX/Linux with the following command, where keyfile is the name of your key ring files:

    chown notes:notes keyfile.kyr keyfile.sth

See Generating a certificate request on page 43.

Configuring Domino

Domino must now be configured to use secure communications.

1 Open the server configuration document by navigating to the configuration view for your server. (That is, on your domain tab, select the Configuration tab, expand Server, select Configuration, and double-click the relevant configuration document in the right pane.) The configuration document opens.

2 On the Router/SMTP tab, select the Advanced tab, then Commands and Extensions, and select Enabled in the SSL negotiated over TCP/IP port drop-down to enable inbound negotiated SSL/TLS.

3 Click Save & Close.

4 Open the Current Server Document.

5 Choose the Ports tab, then the Internet Ports tab, and then the Mail tab.

6 Edit the Mail (SMTP Outbound) column:
  Set the TCP/IP port status field to Negotiate SSL.
  Set SSL key file name to the name of the .kyr file stored in the Domino server notes data directory.
  Set the SSL protocol version to Negotiated.
  Change Accept SSL site certificates to No.
  Change Accept expired SSL certificates to No.
  Click Save & Close.

7 Restart the Domino server.

Testing secure communications

You can now test the configuration.


Intel vpro Technology. How To Purchase and Install Symantec* Certificates for Intel AMT Remote Setup and Configuration Intel vpro Technology How To Purchase and Install Symantec* Certificates for Intel AMT Remote Setup and Configuration Document Release Date: September 14, 2012 Revision History Revision Revision History

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Guide for Microsoft Outlook 2010/2013 Users 10.0 Full Outlook Add-In Symantec Enterprise Vault: Guide for Microsoft Outlook 2010/2013 Users The software described in this book

More information

Certificate Management for your ICE Server

Certificate Management for your ICE Server Certificate Management for your ICE Server Version 2.23.301 Contact: sales@ingenius.com +1-613-591-9002 x3000 TRADEMARKS InGenius, InGenius Connector Enterprise and the InGenius logo are trademarks of

More information

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Windows Server 2003, Windows Server 2008 5.1 Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Copyright

More information

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014 S/MIME on Good for Enterprise MS Online Certificate Status Protocol Installation and Configuration Notes Updated: October 08, 2014 Installing the Online Responder service... 1 Preparing the environment...

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

Microsoft Exchange 2010 and 2007

Microsoft Exchange 2010 and 2007 Microsoft Exchange 2010 and 2007 Download the server certificate and intermediate certificates. Perform the following procedure for each of the intermediate certificates and then for the server certificate.

More information

Support Advisory: ArubaOS Default Certificate Expiration

Support Advisory: ArubaOS Default Certificate Expiration Support Advisory: ArubaOS Default Certificate Expiration Issued February 14, 2011 Updated April 8, 2011 This document, including the information it contains and the programs made available through the

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration This document provides configuration steps for Avaya one X Portal s 1.1.3 communication

More information

ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000

ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000 ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000 Version 3.2 ArcMail Technology 401 Edwards Street, Suite 1601 Shreveport, LA 71101 Support: (888) 790-9252

More information

NETWRIX EVENT LOG MANAGER

NETWRIX EVENT LOG MANAGER NETWRIX EVENT LOG MANAGER QUICK-START GUIDE FOR THE ENTERPRISE EDITION Product Version: 4.0 July/2012. Legal Notice The information in this publication is furnished for information use only, and does not

More information

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1 Avaya Solution & Interoperability Test Lab Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1 Abstract These Application Notes describe the

More information

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide Abstract This guide describes the Virtualization Monitor (vmon), an add-on service module of the HP Intelligent Management

More information

Basic Exchange Setup Guide

Basic Exchange Setup Guide Basic Exchange Setup Guide The following document and screenshots are provided for a single Microsoft Exchange Small Business Server 2003 or Exchange Server 2007 setup. These instructions are not provided

More information

Mobile Secure Cloud Edition Document Version: 2.0-2014-06-26. ios Application Signing

Mobile Secure Cloud Edition Document Version: 2.0-2014-06-26. ios Application Signing Mobile Secure Cloud Edition Document Version: 2.0-2014-06-26 Table of Contents 1 Introduction.... 3 2 Apple Team Membership....4 3 Building a Team by Adding Team Admins and Team Members.... 5 4 App Protection

More information

EM L12 Symantec Mobile Management and Managed PKI Hands-On Lab

EM L12 Symantec Mobile Management and Managed PKI Hands-On Lab EM L12 Symantec Mobile Management and Managed PKI Hands-On Lab Description Building and Managing a Certficate Authority infrastructure to support your Mobile Management infrastructure can be time consuming

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Guide for Microsoft Outlook 2003/2007 Users 9.0 Symantec Enterprise Vault: Guide for Microsoft Outlook 2003/2007 Users The software described in this book is furnished under a

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Guide for Microsoft Outlook 2010/2013 Users 10.0 Full Outlook Add-In Symantec Enterprise Vault: Guide for Microsoft Outlook 2010/2013 Users The software described in this book

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Guide for Microsoft Outlook 2010 Users 9.0 Symantec Enterprise Vault: Guide for Microsoft Outlook 2010 Users The software described in this book is furnished under a license agreement

More information

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Legal Notice Copyright 2006 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government

More information

Creating an Apple APNS Certificate

Creating an Apple APNS Certificate Creating an Apple APNS Certificate 4/20/2012 Creating an Apple APNS Certificate Created by Britt Womelsdorf Edited by Mark S. Ciminello, MBA, PMP The purpose of this document is to outline the steps necessary

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Guide for Microsoft Outlook 2003/2007 Users 10.0 Full Outlook Add-In Symantec Enterprise Vault: Guide for Microsoft Outlook 2003/2007 Users The software described in this book

More information

CA NetQoS Performance Center

CA NetQoS Performance Center CA NetQoS Performance Center Install and Configure SSL for Windows Server 2008 Release 6.1 (and service packs) This Documentation, which includes embedded help systems and electronically distributed materials,

More information

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery Securing HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery Requesting and Applying an SSL Certificate to secure communication ion from Clearwell E-Discovery to Enterprise

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Setting up SMTP Archiving 11.0 Symantec Enterprise Vault: Setting up SMTP Archiving The software described in this book is furnished under a license agreement and may be used

More information

Certificates for computers, Web servers, and Web browser users

Certificates for computers, Web servers, and Web browser users Entrust Managed Services PKI Certificates for computers, Web servers, and Web browser users Document issue: 3.0 Date of issue: June 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark

More information

ECA IIS Instructions. January 2005

ECA IIS Instructions. January 2005 ECA IIS Instructions January 2005 THIS PAGE INTENTIONALLY BLANK ECA IIS Instructions ii July 22, 2005 Table of Contents 1. Install Certificate in IIS 5.0... 1 2. Obtain and Install the ECA Root Certificate

More information

Installing GFI MailSecurity

Installing GFI MailSecurity Installing GFI MailSecurity Introduction This chapter explains how to install and configure GFI MailSecurity. You can install GFI MailSecurity directly on your mail server or you can choose to install

More information

SSL Guide. (Secure Socket Layer)

SSL Guide. (Secure Socket Layer) SSL Guide (Secure Socket Layer) To find basic information about network and advanced network features of your Brother machine: uu Network User's Guide. To download the latest manual, please visit the Brother

More information

Spam Manager. Quarantine Administrator Guide

Spam Manager. Quarantine Administrator Guide Spam Manager Quarantine Administrator Guide Spam Manager Quarantine Administrator Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec,

More information

APNS Certificate generating and installation

APNS Certificate generating and installation APNS Certificate generating and installation Quick Guide for generating and installing an Apple APNS Certificate Version: x.x MobiDM Quick Guide for APNS Certificate Page 1 Index 1. APPLE APNS CERTIFICATE...

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

Sample Configuration: Cisco UCS, LDAP and Active Directory

Sample Configuration: Cisco UCS, LDAP and Active Directory First Published: March 24, 2011 Last Modified: March 27, 2014 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS

More information

Secure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01

Secure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01 Secure Web Service - Hybrid Policy Server Setup Release 9.2.5 Manual Version 1.01 M86 SECURITY WEB SERVICE HYBRID QUICK START USER GUIDE 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange,

More information