Implementing TLS

1 minute read

Description:

TLS is the new version of SSL and is the de facto standard in email security. I followed these steps to get it implemented on my network. Note that we have an internal mail server and a Barracuda Spam Filter device.

 

To Resolve:

  1. We got a certificate from Digicert (CA – Certificate Authority) for “*.example.net” which allows TLS to be implemented.

  2. We installed the certificates on the Barracuda by going to Advanced – Secure Administration tab – Set it up like:

a. First two radio buttons = No

b. Web interface HTTPS/SSL port = 443.

c. Certficate type dropdown = Trusted (Signed by Trusted CA)

d. Cert. details = “CN=*.example.net/ Status = OK”. This was manually uploaded. We did this over the phone with Barracuda.

  1. We opened the ports on the router to allow inbound/ outbound TLS.

  2. Next we requested a duplicate cert and installed it on the mail server.

  3. Once the server is configured (Barracuda device), we need to configure the clients, Outlook.

a. Open Outlook, go to File – Account Settings. Change the outbound server to “Barracuda.example.net”.

b. Go to More Settings (button on bottom right) – Advanced – Make sure the Incoming port is “995” for POP and “993” for IMAP and outgoing is 465 requires TLS.

c. Test the account settings, should be all green. Note: If there is a message box that warns about a certificate after enabling TLS, it is probably due to a DNS issue, make sure the incoming and outgoing servers are by host name and not IP.