Implementing SSL communications

You can configure Mail Security to use Secure Sockets Layer (SSL) communications by using a valid server certificate. You can create your own server certificate using Microsoft Certificate Services 2.0 or request one from a certificate authority.
After you implement SSL, you must enable SSL from the console and specify the SSL port for each server.
  1. To install a server certificate
  2. On the computer on which Mail Security is installed, click
    Start > Administrative Tools > Internet Information Services (IIS) Manager
    .
  3. In the
    server
    list, expand the folder for the server that hosts Mail Security.
  4. In the
    Web sites
    folder, right-click
    Symantec Mail Security for Microsoft Exchange
    , and then click
    Properties
    .
  5. Under
    Secure communications
    , select the
    Directory Security
    tab, and click
    Server Certificate
    .
  6. Follow the instructions in the
    Web server Certificate
    wizard to install the server certificate.
  7. To implement SSL communications
  8. Ensure that a valid server certificate is installed.
  9. Under
    Secure Communications
    , click the
    Directory Security
    tab, and then click
    Edit
    .
  10. In the
    Secure Communications
    dialog box, check
    Require secure channel (SSL)
    , and then click
    OK
    .
  11. On the
    Web Site
    tab, under
    Web site identification
    , in the
    IP Address
    text box, type the IP address of the Mail Security server.
  12. In the
    SSL Port
    text box, type the port to use for SSL communications.
  13. Click
    OK
    to close the
    Mail Security Properties
    window.
  14. To implement SSL communications on Windows Server
  15. On the local computer, ensure that a valid server certificate is installed in
    Trusted Root Certification Authorities
    .
  16. Click
    Start > Administrative Tools > Internet Information Services (IIS) Manager
    .
  17. In the
    Web sites
    folder, right-click
    Symantec Mail Security for Microsoft Exchange
    , click
    Edit Bindings
    and select
    Add
    .
  18. From the drop-down list, select
    https
    and
    All Unassigned
    for Type and IP addresses respectively.
  19. In the
    SSL Port
    text box, type the port number.
    For example, type 8082 for SSL communications.
    To avoid port conflicts, ensure that you do not use the ports that Exchange server uses. For example, TCP port 80 and SSL port 443.
  20. From the
    SSL certificate
    , select the certificate that you installed and restart the
    Symantec Mail Security for Microsoft Exchange
    website.
  21. In the right pane, double-click
    Authentication
    and ensure that
    Windows Authentication
    and
    ASP.NET Impersonation
    are enabled.
  22. From the
    Web sites
    folder, select
    Symantec Mail Security for Microsoft Exchange
    .
  23. In the right pane, double-click
    SSL Settings
    and check
    Require SSL
    and
    Require 128-bit SSL
    .
  24. Click
    Apply
    to apply the changes.
  25. To implement SSL communications on client computer
  26. Export the server certificate from the server and install it to the client computer where Mail Security console is installed in
    Trusted Root Certification Authorities
    .
  27. Open
    Certificate snap-in
    and ensure that the certificate resides in
    Trusted Root Certification Authorities
    .
  28. On the Mail Security console, click the
    Assets
    tab and click
    Add server(s)
    to add a server.
  29. Right-click the server that you added and then click
    Properties
    .
  30. Provide the SSL port number that is configured on the server.
  31. Check
    Use SSL
    and click
    OK
    .
    You can now connect to the server from the console by using the SSL connection.