Implementing TLS

1 minute read

Description:

TLS is the new version of SSL and is the de facto standard in email security. I followed these steps to get it implemented on my network. Note that we have an internal mail server and a Barracuda Spam Filter device.

To Resolve:

  1. We got a certificate from Digicert (CA – Certificate Authority) for “*.example.net” which allows TLS to be implemented.

  2. We installed the certificates on the Barracuda by going to Advanced – Secure Administration tab – Set it up like:

    • First two radio buttons = No
    • Web interface HTTPS/SSL port = 443.
    • Certficate type dropdown = Trusted (Signed by Trusted CA)
    • Cert. details = “CN=*.example.net/ Status = OK”. This was manually uploaded. We did this over the phone with Barracuda.
  3. We opened the ports on the router to allow inbound/ outbound TLS.

  4. Next we requested a duplicate cert and installed it on the mail server.

  5. Once the server is configured (Barracuda device), we need to configure the clients, Outlook.

    • Open Outlook, go to File – Account Settings. Change the outbound server to “Barracuda.example.net”.

    • Go to More Settings (button on bottom right) – Advanced – Make sure the Incoming port is “995” for POP and “993” for IMAP and outgoing is 465 requires TLS.

    • Test the account settings, should be all green. If there is a message box that warns about a certificate after enabling TLS, it is probably due to a DNS issue, make sure the incoming and outgoing servers are by host name and not IP.