Managing Transport Layer Security (TLS) certificates

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Configuring System Settings > Managing Transport Layer Security (TLS) certificates

Managing Transport Layer Security (TLS) certificates

Administrator Help | Forcepoint Email Security | Version 8.5.x

Transport Layer Security (TLS) is a protocol that provides an extra layer of security for email communications. Use of this protocol helps prevent devices such as non-trusted routers from allowing a third party to monitor or alter the communications between a server and client. The email security system can receive messages transferred over TLS and can also send messages via this protocol to particular domains.

A default TLS certificate is supplied with Forcepoint Email Security for incoming connections. The email system presents this certificate during TLS communications.

After email product installation, default TLS certificate information appears on the page Settings > Inbound/Outbound > TLS Certificate, in the section TLS Certificate for Incoming Connection. Details include the certificate version, serial number, issuer, and expiration date.

Functionality on this page allows you to generate a new certificate when the default certificate expires. Generating a new certificate overwrites any certificate that currently exists. Additionally, certificates can be imported and exported on the TLS Certificate page.

The TLS Certificate page is additionally used to manage trusted Certificate Authority (CA) certificates for outgoing connections. Forcepoint Email Security uses CA-issued root and intermediate certificates (along with the default CA certificate bundle) to verify a server certificate presented by a third-party mail server during TLS communications.

The Trusted CA Certificate for Outgoing Connection table on the TLS Certificate page displays information about the certificate, including common name, issuer, and expiration date. Import functionality is used to browse to the location of a trusted certificate and add it to the Trusted CA Certificate for Outgoing Connection table. A search function is used to perform a keyword search of all your trusted CA certificates.

Generate a new TLS certificate

1.

From the section TLS Certificate for Incoming Connection, click Generate.

A prompt displays to indicate that the existing certificate will be overwritten.

2.

TLS certificate generation continues.

Search trusted CA certificates by keyword

1.

From the section Trusted CA Certificate for Outgoing Connection, enter a keyword in the text field Search filter.

2.

Click Search.

Search results display below the search bar.

3.

Clear search results; click Clear search filter.

All trusted CA certificates display below the search bar.

See the following sections for details on importing and exporting TLS and CA certificates:

Importing a TLS certificate

Exporting a TLS certificate

Importing a trusted CA certificate

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Configuring System Settings > Managing Transport Layer Security (TLS) certificates

Copyright 2022 Forcepoint. All rights reserved.