TLS Certificates
Forcepoint Email Security enables a default self-signed TLS certificate at product installation. This certificate is used for incoming connections, and the email security system presents it during TLS communications.
You can view certificate information and generate a new self-signed certificate on the page
. Generating a new certificate overwrites any certificate that already exists.
You can also use a certificate from a third-party certificate authority (CA) for outgoing connections. Forcepoint Email Security uses CA-issued root and intermediate certificates (along with the default CA certificate bundle) to verify a server certificate presented by a third-party mail server during TLS communications. To use a CA-issued certificate, you must generate encryption keys and a certificate signing request (CSR) to send to the CA, and then import the purchased certificate files into the Email Security module.
Because the email hybrid service Forcepoint Email Encryption option does not perform properly with the self-signed certificate, a trusted third-party certificate from a CA is required. (See Trusted third-party certificates for a list of trusted third-party certificates to use with advanced email encryption.)
The following sections provide details about generating encryption keys and a CSR and importing a third-party certificate to the Email Security module.