SMTP TLS Settings

NOTE: This feature is only available with Hermes SEG Pro License.

It's important to set SMTP TLS in order to transmit e-mail messages between your Hermes SEG machine and other e-mail servers with TLS encryption.

By default, SMTP TLS support in Hermes SEG is disabled. In this section you can enable Hermes SEG TLS support as well as install the required certificates and private key in order to make it work.

Hermes SEG supports two SMTP TLS methods:

SMTP TLS Available (Opportunistic TLS)

In this mode, any time a remote SMTP server makes a connection, Hermes SEG announces that it supports STARTTLS; however, it does not require TLS encryption. This is the recommended mode if you need TLS encryption.

SMTP TLS Required (Mandatory TLS)

In this mode, any time a remote SMTP server makes a connection, Hermes SEG announces STARTTLS and it will NOT accept email without TLS encryption. This mode should NEVER be used on a public Internet-facing Hermes SEG.

In order to enable any of the SMTP TLS methods, the system will need PEM encoded certificates and an unencrypted Private Key.

A PEM encoded certificate is human readable and starts with:

    -----BEGIN CERTIFICATE-----

and ends with:

    -----END CERTIFICATE-----

An unencrypted Private Key starts with:

    -----BEGIN PRIVATE KEY-----

and ends with:

    -----END PRIVATE KEY-----

1. Certificate

  1. Under the SMTP TLS Settings section, ensure you select either SMTP TLS Available or SMTP TLS Required. Once you make the selection, the Paste Contents of Certificate, Paste Contents of Unencrypted Key and the Paste Contents of Root and Int CA Certificate fields will become enabled (Figure 1).

Figure 1

  2. Open your PEM encoded certificate with a text editor and select and copy the entire contents of the file to include the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines.
  3. Under the Paste Contents of Certificate field, delete the existing contents so you are left with an empty field (if applicable).
  4. Paste the contents of the file you copied from Step 2 into the empty Paste Contents of Certificate field (Figure 2).

Figure 2

2. Unencrypted Key

  1. Open your unencrypted key with a text editor and select and copy the entire contents of the file to include the -----BEGIN PRIVATE KEY----- and the -----END PRIVATE KEY----- lines.
  2. Under the Paste Contents of Unencrypted Key field, delete the existing contents so you are left with an empty field.
  3. Paste the contents of the file you copied from Step 1 into the empty Paste Contents of Unencrypted Key field (Figure 3).

Figure 3

3. Root and Int CA Certificate

  1. Open your PEM encoded CA Bundle certificate with a text editor and select and copy the entire contents of the file to include the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- lines. Please note that CA Bundle certificates usually include more than one certificate in a single file, so ensure you select ALL the certificates in the file.
  2. Under the Paste Contents of Root and Int CA Certificate field, delete the existing contents so you are left with an empty field.
  3. Paste the contents of the CA Bundle certificate you copied from Step 1 into the empty Paste Contents of Certificate field (Figure 4).

Figure 4

  4. After pasting all the contents, click on the Save & Apply Changes button.

After you click the Save & Apply Changes button, the system will perform a validation on the certificate, private key and CA bundle combination. If you get a Success!! message, your Hermes SEG is ready to go with TLS Encryption. If there are errors, verify the contents you pasted in each field, especially the Certificate and the Unencrypted Key fields, since those seem to be the cause of most errors.
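
A pre-flight check for the three paste fields described above, added here as an example and not part of Hermes SEG or its documentation: it confirms that the BEGIN/END marker lines were copied, that the key is not encrypted, and that only the CA bundle holds more than one block. The field keys (`certificate`, `key`, `ca_bundle`) and function names are hypothetical, and the sample PEM text is constructed rather than a real certificate or key.

```python
import base64
import binascii
import re

BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*\n(.*?)\n-----END \1-----", re.S)

# Paste field (hypothetical key) -> (marker label the page shows, several blocks allowed?)
FIELDS = {
    "certificate": ("CERTIFICATE", False),
    "key": ("PRIVATE KEY", False),
    "ca_bundle": ("CERTIFICATE", True),
}


def check_field(field, text):
    """Return a list of problems in the text about to be pasted into one field."""
    label, many = FIELDS[field]
    blocks = BLOCK.findall(text)
    if not blocks:
        return ["no complete BEGIN/END block; were the marker lines copied?"]
    problems = []
    if "-----" in BLOCK.sub("", text):
        problems.append("stray or truncated marker outside a complete block")
    if len(blocks) > 1 and not many:
        problems.append(f"expected one block, found {len(blocks)}")
    for found, body in blocks:
        if "ENCRYPTED" in found or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("key is encrypted; an unencrypted key is required")
        elif found != label:
            problems.append(f"expected {label} block, found {found}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                problems.append("body is not valid base64")
                continue
            if not der.startswith(b"\x30"):  # certificates and keys are DER SEQUENCEs
                problems.append("decoded data is not a DER SEQUENCE")
    return problems


def make_pem(label, der=b"\x30\x03\x02\x01\x00"):
    """Constructed sample: PEM armour around a 5-byte DER SEQUENCE, not a real certificate or key."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


if __name__ == "__main__":
    bundle = make_pem("CERTIFICATE") * 2  # CA bundles usually hold several certificates
    for field, text in [("certificate", bundle), ("ca_bundle", bundle),
                        ("key", make_pem("ENCRYPTED PRIVATE KEY"))]:
        print(field, check_field(field, text))
```

The check is structural only; whether the key belongs to the certificate is still decided by the validation Hermes SEG runs after Save & Apply Changes.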

4. Verify TLS Encryption and Certificate

The easiest way to verify whether or not your Hermes SEG TLS encryption is working correctly, as well as to verify the certificates you installed, is to go to http://www.checktls.com/perl/live/TestReceiver.pl and run the TestReceiver test.