Managing Transport Layer Security (TLS) certificates
Transport Layer Security (TLS) is a protocol that provides an extra layer of security for email communications. Use of this protocol helps prevent devices such as non-trusted routers from allowing a third party to monitor or alter the communications between a server and client. The email security system can receive messages transferred over TLS and can also send messages via this protocol to particular domains.
A default TLS certificate is supplied with Forcepoint Email Security for incoming connections. The email system presents this certificate during TLS communications.
After email product installation, default TLS certificate information appears on the page, in the section TLS Certificate for Incoming Connection. Details include the certificate version, serial number, issuer, and expiration date.
Functionality on this page allows you to generate a new certificate when the default certificate expires. Generating a new certificate overwrites any certificate that currently exists. Additionally, certificates can be imported and exported on the TLS Certificate page.
The TLS Certificate page is additionally used to manage trusted Certificate Authority (CA) certificates for outgoing connections. Forcepoint Email Security uses CA-issued root and intermediate certificates (along with the default CA certificate bundle) to verify a server certificate presented by a third-party mail server during TLS communications.
The Trusted CA Certificate for Outgoing Connection table on the TLS Certificate page displays information about the certificate, including common name, issuer, and expiration date. Import functionality is used to browse to the location of a trusted certificate and add it to the Trusted CA Certificate for Outgoing Connection table. A search function is used to perform a keyword search of all your trusted CA certificates.