Add an incoming or outgoing connection for which to use TLS

Steps

  1. Navigate to the page Settings > Inbound/Outbound > Enforced TLS Connections.
  2. Click Add.
    The Add Incoming Connection page displays.
  3. In the text field Name, enter a name for your enforced TLS connection.
  4. From the pull-down menu Priority order, select a priority order for the connection.
  5. Specify the security level for the connection. Security level options include the following:
    • Encrypt, the minimum enforcement level, used in all security levels. This security level is the only option available for incoming connections.
    • Encrypt and check CN, validation of a certificate’s common name
    • Verify, validation that the certificate is from a trusted CA
    • Verify and check CN, validation of the certificate’s common name and that the certificate is from a trusted CA
      Important: To use the two “verify” options, you must have imported a trusted CA certificate. See Managing Transport Layer Security (TLS) certificates.
  6. Select one of the following connection encryption strength options:
    • Medium, which involves the use of cipher suites that use 128-bit encryption
    • High, which includes most cipher suites with key lengths larger than 128 bits
  7. Define the IP address or domain group subject to forced TLS connection; select one of the following options:
    • Any (for all connections)

      This option applies to any connection, regardless of IP or domain address.

    • IP address group

      Select an existing IP address group in the pull-down menu or create a new group using Add New IP Group.

    • Domain address group

      Select an existing domain address group in the pull-down menu or create a new group using Add New Domain Group.

  8. Click OK.
    The settings are saved.
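
The following sketch is an added example, not code from the product: it models how the options chosen in steps 3 to 7 combine when a connection is checked against the enforced TLS list. Evaluating the lowest priority number first, treating the strength options as minimum key lengths, and comparing the CN to the peer's domain are assumptions; all names and sample values are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Security level -> (certificate must chain to a trusted CA, CN must match)
LEVELS = {"Encrypt": (False, False), "Encrypt and check CN": (False, True),
          "Verify": (True, False), "Verify and check CN": (True, True)}
MIN_BITS = {"Medium": 128, "High": 129}  # assumption: a minimum key length

@dataclass
class Rule:
    name: str
    priority: int             # assumption: lower number is evaluated first
    level: str
    strength: str
    ip_group: tuple = ()      # CIDR strings
    domain_group: tuple = ()  # both groups empty means "Any"

@dataclass
class Peer:                   # constructed view of one connection
    ip: str
    domain: str
    cipher_bits: int = 0      # 0 means the peer did not negotiate TLS
    cert_cn: str = ""
    chain_trusted: bool = False

RULES = [Rule("partner", 1, "Verify and check CN", "High", domain_group=("partner.example",)),
         Rule("default", 2, "Encrypt", "Medium")]  # constructed sample list

def matches(rule, peer):
    if not rule.ip_group and not rule.domain_group:
        return True
    addr = ipaddress.ip_address(peer.ip)
    if any(addr in ipaddress.ip_network(net) for net in rule.ip_group):
        return True
    return peer.domain.lower() in {d.lower() for d in rule.domain_group}

def evaluate(rules, peer):
    for rule in sorted(rules, key=lambda r: r.priority):
        if not matches(rule, peer):
            continue
        need_ca, need_cn = LEVELS[rule.level]
        if peer.cipher_bits == 0:
            return rule.name, "reject: no TLS"
        if peer.cipher_bits < MIN_BITS[rule.strength]:
            return rule.name, "reject: cipher too weak"
        if need_ca and not peer.chain_trusted:
            return rule.name, "reject: untrusted CA"
        if need_cn and peer.cert_cn.lower() != peer.domain.lower():
            return rule.name, "reject: CN mismatch"
        return rule.name, "accept"
    return None, "no enforced TLS rule"
```

In this model "Encrypt and check CN" accepts a self-signed certificate that carries the expected name, because only the two "Verify" levels require a trusted CA.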