Implementing SSL communications
You can configure Mail Security to use Secure Sockets Layer (SSL) communications by using a valid server certificate. You can create your own server certificate using Microsoft Certificate Services 2.0 or request one from a certificate authority.
After you implement SSL, you must enable SSL from the console and specify the SSL port for each server.
- To install a server certificate
- On the computer on which Mail Security is installed, clickStart > Administrative Tools > Internet Information Services (IIS) Manager.
- In theserverlist, expand the folder for the server that hosts Mail Security.
- In theWeb sitesfolder, right-clickSymantec Mail Security for Microsoft Exchange, and then clickProperties.
- UnderSecure communications, select theDirectory Securitytab, and clickServer Certificate.
- Follow the instructions in theWeb server Certificatewizard to install the server certificate.
- To implement SSL communications
- Ensure that a valid server certificate is installed.
- UnderSecure Communications, click theDirectory Securitytab, and then clickEdit.
- In theSecure Communicationsdialog box, checkRequire secure channel (SSL), and then clickOK.
- On theWeb Sitetab, underWeb site identification, in theIP Addresstext box, type the IP address of the Mail Security server.
- In theSSL Porttext box, type the port to use for SSL communications.
- ClickOKto close theMail Security Propertieswindow.
- To implement SSL communications on Windows Server
- On the local computer, ensure that a valid server certificate is installed inTrusted Root Certification Authorities.
- ClickStart > Administrative Tools > Internet Information Services (IIS) Manager.
- In theWeb sitesfolder, right-clickSymantec Mail Security for Microsoft Exchange, clickEdit Bindingsand selectAdd.
- From the drop-down list, selecthttpsandAll Unassignedfor Type and IP addresses respectively.
- In theSSL Porttext box, type the port number.For example, type 8082 for SSL communications.To avoid port conflicts, ensure that you do not use the ports that Exchange server uses. For example, TCP port 80 and SSL port 443.
- From theSSL certificate, select the certificate that you installed and restart theSymantec Mail Security for Microsoft Exchangewebsite.
- In the right pane, double-clickAuthenticationand ensure thatWindows AuthenticationandASP.NET Impersonationare enabled.
- From theWeb sitesfolder, selectSymantec Mail Security for Microsoft Exchange.
- In the right pane, double-clickSSL Settingsand checkRequire SSLandRequire 128-bit SSL.
- ClickApplyto apply the changes.
- To implement SSL communications on client computer
- Export the server certificate from the server and install it to the client computer where Mail Security console is installed inTrusted Root Certification Authorities.
- OpenCertificate snap-inand ensure that the certificate resides inTrusted Root Certification Authorities.
- On the Mail Security console, click theAssetstab and clickAdd server(s)to add a server.
- Right-click the server that you added and then clickProperties.
- Provide the SSL port number that is configured on the server.
- CheckUse SSLand clickOK.You can now connect to the server from the console by using the SSL connection.