Import TLS certificates and private keys

In order to use TLS in Secure Email Gateway, you need to import the following files to the Gateway.

• Certificate Authority (CA) signing certificate The certificate of the certificate authority that signed the key certificate. It contains the certificate authority's own public key. Also known as "root certificate".

• TLS server The TLS server is the message recipient. private key The secret key kept on the sender's computer that the sender uses to digitally sign messages to recipients and to decrypt messages from recipients. Private keys should be password protected. and certificate A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked. signed by CA

• TLS client The TLS client is the message sender. private key and certificate signed by CA

All files are in PEM format.

Import Signing Certificate

1. Navigate to System > Encryption > TLS Configuration. The TLS Configuration page is displayed.

2. Select the Certificates tab.

3. In the Signing Certificate panel, click Click here to change these settings.

4. Using the browse button, locate the signing certificate issued by the CA and click Open.

5. Click Save.

6. Apply the configuration.

Import Server Certificate and Private Key

1. Navigate to System > Encryption > TLS Configuration. The TLS Configuration page is displayed.

2. Select the Certificates tab.

3. In the Server Certificate and Private Key panel, click Click here to change these settings.

4. Using the browse button, locate the signed certificate and private key, and click Open.

5. Click Save.

6. Apply the configuration.

Import Client Certificate and Private Key

1. Navigate to System > Encryption > TLS Configuration. The TLS Configuration page is displayed.

2. Select the Certificates tab.

3. In the Client Certificate and Private Key panel, click Click here to change these settings.

4. Using the browse button, locate the signed certificate and private key, and click Open.

5. Click Save.

6. Apply the configuration.

If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information. If you use Peer Gateways (i.e. when multiple Gateways are peered), any configuration changes from a local Gateway can then be applied to all the peers at the same time. See Configure Peer Gateways for more information.

See also...

• Required TLS certificates and keys
• Create TLS private key and CSR
• Obtain CA-signed or self-signed TLS certificate