SMTP TLS Settings

NOTE: This feature is only available with Hermes SEG Pro License.

By default, SMTP TLS support in Hermes SEG is disabled. In this section you can enable Hermes SEG TLS support as well as install the required certificates and private key in order to make it work.

Hermes SEG supports two SMTP TLS methods:

SMTP TLS Available

In this mode, any time a remote SMTP server makes a connection, Hermes SEG announces that it supports STARTTLS; however, it does not require TLS encryption. This is the recommended mode if you need TLS encryption.

SMTP TLS Required

In this mode, any time a remote SMTP server makes a connection, Hermes SEG announces STARTTLS and it will NOT accept email without TLS encryption. This mode should NEVER be used on a public-facing Hermes SEG, because remote servers that cannot negotiate TLS would be unable to deliver email to it.

In order to enable either of the SMTP TLS methods, you will need PEM encoded certificates and an unencrypted Private Key.

A PEM encoded certificate is a human-readable certificate that starts with:

-----BEGIN CERTIFICATE-----

and ends with

-----END CERTIFICATE-----

An unencrypted Private Key starts with:

-----BEGIN PRIVATE KEY-----

and ends with

-----END PRIVATE KEY-----


1. Certificate

  1. Under the SMTP TLS Settings section, ensure you select either SMTP TLS Available or SMTP TLS Required. Once you make the selection, the Paste Contents of Certificate, the Paste Contents of Unencrypted Key and the Paste Contents of Root and Int CA Certificate fields will become enabled (Figure 1).

Figure 1


  2. Open your PEM encoded certificate with a text editor and select and copy the entire contents of the file, including the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines.
  3. Under the Paste Contents of Certificate field, delete the existing contents so you are left with an empty field (if applicable).
  4. Paste the contents of the file you copied from Step 2 into the empty Paste Contents of Certificate field (Figure 2).

Figure 2


2. Unencrypted Key

  1. Open your unencrypted key with a text editor and select and copy the entire contents of the file, including the -----BEGIN PRIVATE KEY----- and the -----END PRIVATE KEY----- lines.
  2. Under the Paste Contents of Unencrypted Key field, delete the existing contents so you are left with an empty field.
  3. Paste the contents of the file you copied from Step 1 into the empty Paste Contents of Unencrypted Key field (Figure 3).

Figure 3


3. Root and Int CA Certificate

  1. Open your PEM encoded CA Bundle certificate with a text editor and select and copy the entire contents of the file, including the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines. Please note that CA Bundle certificates usually include more than one certificate in a single file, so ensure you select ALL the certificates in the file.
  2. Under the Paste Contents of Root and Int CA Certificate field, delete the existing contents so you are left with an empty field.
  3. Paste the contents of the CA Bundle certificate you copied from Step 1 into the empty Paste Contents of Root and Int CA Certificate field (Figure 4).

Figure 4


  4. After pasting all the contents, click on the Save & Apply Changes button.

After you click the Save & Apply Changes button, the system will perform a validation on the certificate, private key and CA bundle combination. If you get a Success!! message, your Hermes SEG is ready to go with TLS Encryption. If there are errors, verify the contents you pasted in each field, especially the Certificate and the Unencrypted Key fields, since those seem to be the cause of most errors.
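The paste errors described above can be caught before saving. The following is an added example, not Hermes SEG's own validation code: a structural check of the three field contents for missing marker lines, an encrypted key, a wrong block type, or a damaged body. The function name `check_field` and the sample values are hypothetical, and the check does not confirm that the key matches the certificate or that the chain is trusted.

```python
import base64
import re

# One PEM block: BEGIN line, body (optional headers + base64), matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def check_field(text, want_label, allow_many=False):
    """Return a list of problems for one pasted field; an empty list means OK."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    if not blocks:
        return ["no complete BEGIN/END block found"]
    problems = []
    if len(blocks) > 1 and not allow_many:
        problems.append(f"expected 1 block, found {len(blocks)}")
    for label, body in blocks:
        # Encrypted keys: PKCS#8 label, or a traditional Proc-Type header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is encrypted")
            continue
        if label != want_label:
            problems.append(f"unexpected block type: {label}")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # every cert/key is a DER SEQUENCE
            problems.append("decoded body is not a DER SEQUENCE")
    return problems

def _pem(label, payload):
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: placeholder bytes, not real certificates or keys.
CERT = _pem("CERTIFICATE", b"\x30\x82 constructed leaf")
KEY = _pem("PRIVATE KEY", b"\x30\x82 constructed key")
BUNDLE = (_pem("CERTIFICATE", b"\x30\x82 constructed intermediate")
          + _pem("CERTIFICATE", b"\x30\x82 constructed root"))
ENC_KEY = _pem("ENCRYPTED PRIVATE KEY", b"\x30\x82 constructed")

if __name__ == "__main__":
    for name, text, label, many in [
            ("certificate", CERT, "CERTIFICATE", False),
            ("unencrypted key", KEY, "PRIVATE KEY", False),
            ("CA bundle", BUNDLE, "CERTIFICATE", True),
            ("encrypted key", ENC_KEY, "PRIVATE KEY", False)]:
        print(name, "->", check_field(text, label, many) or "OK")
```

Pass `allow_many=True` only for the Root and Int CA Certificate field, since that is the one field where several certificates are expected.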

4. Verify TLS Encryption and Certificate

The easiest way to verify whether or not your Hermes SEG TLS encryption is working correctly, as well as to verify the certificates you installed, is to go to http://www.checktls.com/perl/live/TestReceiver.pl and run the TestReceiver test.