System Certificates

Hermes SEG allows you to manage SSL certificates in order to be used for console access over HTTPS as well as SMTP TLS transactions.

Hermes SEG Community Version

Hermes SEG Community Version will allow you to create Certificate Signing Requests to submit to 3rd party CAs and import certificates from 3rd party CAs.

Click the Import Certificate button, enter a friendly name for the certificate in the Certificate Name field, paste the contents of the certificate including the -----BEGIN CERTIFICATE----- & -----END CERTIFICATE----- lines in the Certificate field, paste the contents of the unencrypted key including the -----BEGIN PRIVATE KEY----- & -----END PRIVATE KEY----- lines in the Unencrypted Key field, paste the contents of the root and Intermediate CA certificates including the -----BEGIN CERTIFICATE----- & -----END CERTIFICATE----- lines in the Root and Intermediate CA Certificates field and click the Import button (Figure 3):

Figure 3

Hermes SEG Pro Version

Hermes SEG Pro Version will allow you to create Certificate Signing Requests to submit to 3rd party CAs, import certificates from 3rd party CAs as well as Request Lets Encrypt (Acme) Certificates.

If you wish to import a 3rd party CA certificate, please follow the Hermes SEG Community instructions above to import a certificate. If you wish to request a Lets Encrypt (Acme) certificate, follow the instructions below:

Before requesting Acme Certificates ensure that BOTH ports TCP 80 and TCP 443 are open to Hermes SEG from the Internet and the domain you are requesting the certificate is pointing to the Internet accessible IP address of your Hermes SEG machine. We recommend that you test using the Acme Staging server first to ensure the request works before attempting to use Acme Production. The reason we initially Request Acme Certificate utilizing the Acme Staging server is because Lets Encrypt is much more lenient with rate limits with failed requests in their staging environment than their production environment, click here for details.

Click the Request Acme Certificate button, enter a friendly name in the Certificate Name field, enter the FQDN (domain name) you wish to request a certificate, enter a valid e-mail address in the Notifications E-mail address field, leave the Acme Server drop-down field set to Acme Staging and click the Request button (Figure 4):

Figure 4

If the Acme Certificate Request fails, double-check that the FQDN (domain name) points to the Internet accessible IP of your Hermes SEG machine and that BOTH ports TCP/80 (HTTP) and TCP/443 (HTTPS) are allowed through your firewall and try again.
If the Acme Certificate Request succeeds, locate the newly created certificate in your certificate list, click the icon and on the resultant Delete Certificate confirmation click on Yes (Figure 5):

Figure 5

Click the Request Acme Certificate button again, enter a friendly name in the Certificate Name field, enter the FQDN (domain name) you wish to request a certificate, enter a valid e-mail address in the Notifications E-mail address field, this time set the Acme Server drop-down field set to Acme Production and click the Request button (Figure 6):

Figure 6

Introduction

Getting Started

Upgrade and Migrate Hermes SEG 18.04 to 20.04

Requirements and Recommendations

OVA/Hyper-V Appliance URL and Default Credentials

Hermes SEG E-mail Flow

Encryption

AD Integration

Admin Authentication

Admin Console Firewall

Network Settings

Console Settings

Mail Queue

System Logs

System Backup

System Certificates

System Restore

System Settings

System Status

System Update

System Users

Email Archive

System Reboot & Shutdown

SMTP TLS Settings

Relay Host

Relay Domains

Relay IPs & Networks

Internal Recipients

Virtual Recipients

Perimeter Checks

RBL Configuration

Network Block/Allow

Sender to Recipient Block/Allow List

Global Sender Block/Allow List

SPF Settings

DKIM Settings

Antivirus Settings

Antivirus Signature Feeds

Antivirus Signature Bypass

Antispam Settings

Custom Antispam Filter Tests

Initialize Pyzor

Initialize Vipul's Razor

Clear Bayes Database

Custom File Extensions

Custom File Expressions

Message Rules

File Rules

SVF Policies

Message History

Internal Certificate Authority

PGP Key Servers

Encryption Settings

Internal Recipients Encryption

External Recipients Encryption

System Certificates

Hermes SEG Community Version

Hermes SEG Pro Version