SSL/TLS are security protocols that allows the transmission of data to be encrypted. This allows users to access email through a third-party email client without the fear that someone has intercepted their data. SSL will encrypt the connection immediately upon connection. TLS will encrypt once the STARTTLS command is sent. TLS will need to be set up over port 25, 110, 143 and SSL over ports 465, 993, and 995.
NOTE: This article assumes you have obtained a copy of your certificate's from your SSL provider and have installed them on your server within your certificate stores personal folder. If you have not done this, please do so prior to following the directions below.
Prior to configuring SmarterMail to be secured over SSL or TLS, the SSL certificate installed on the server must first be exported to a Base-64 Encoded certificate that is readable by SmarterMail.
Follow these steps to export your SSL certificate to a Base-64 encoded certificate file:
- Sign into the Windows server in which SmarterMail is installed
- Click Start, select Run
- Type MMC, press enter.
- Navigate to File -> Add\Remove Snap ins
- In the available snap-ins column select Certificates and hit Add
- A new window will appear, choose Computer account and hit next.
- Ensure local computer is selected and hit finish.
- Now there will be a certificate tree view, expand Personal, and choose certificates.
- Right click the certificate in which you wish to export -> All Tasks -> Export.
- A new window will appear, hit next.
- Do not export private key’s -> Next
- Save as a base64 x509 .cer file -> Next
- Choose a save location such as C:\SmarterMail\Certificates\<SiteName> - Name the certificate, click Save.
Follow these steps to add a port to listen over SSL or TLS:
- Log in to SmarterMail as the system administrator.
- Click the Settings icon.
- Click Bindings in the navigation pan and click the Ports tab.
- Click New in the content pane.
- Complete the following required fields: Protocol, Encryption (SSL or TLS), Name, Port and Certificate Path. All other fields are optional.
- Select the IP Address for the port to listen on.
- Click Save.
NOTE: Using similar steps as above, modify your existing port 25 to be encrypted with SSL or TLS.