Connect Application - Setting Up TLS Policies

Customers currently using the Connect Application are advised to complete their onboarding setup as soon as possible, as the Connect Application is scheduled to be discontinued on the 31st of January, 2024.

This article provides information on setting up TLS policies in the Mimecast Connect Application, including enforcing TLS communication, adding or removing external domains, and validating TLS support for secure email delivery.

Introduction


By default, we deliver messages using opportunistic Transport Layer Security (TLS) as per your Secure Delivery Policies (see Configuring Secure Delivery Definitions and Policies).

This ensures full end-to-end TLS communication between your internal server infrastructure and the external domains. Your internal server infrastructure covers all internal domains, including legitimate "spoofed" inbound messages from authorized third parties.

We recommend adding external domains to ensure full end-to-end TLS communication. Ensure that any external domains you enter support Strict TLS. We support connections using TLS 1.2 for AES-256.

Adding Transport Layer Security Policies

If you can't start this step, ensure the Connect Application - Preparing for Inbound Email task is completed. This is a dependent task.

You can add a Transport Layer Security policy by using the following steps:

  1. Log in to the Mimecast Connect Application.
  2. Navigate to Optional | Set Up Your TLS Policies.
  3. Click on Start. A page is displayed listing any current internal server routes.
  4. Click on Validate to perform a check to ensure your inbound routes can support enforced TLS. A popup dialog is displayed.
  5. Enter an Email Address.
  6. Click on Test. If any route doesn't support TLS, you can't proceed to the next step in the task.

If all the routes are capable of enforced TLS, the server can have either a third-party supported certificate (Secure Sockets Layer (SSL) certificate) or a self-signed certificate. If a third-party certificate is used, strict encryption mode is enforced. If a self-signed certificate is used, relaxed mode is enforced.

  • A green tick confirms the route is validated in "Strict - Trusted Enforced" or "Relaxed Encryption Mode".
  • A red exclamation confirms the route is invalid with TLS Not Supported.

  7. Click on Next. All external domains are listed.
  8. Click on Add External Domains.
  9. Enter all your External Domains with each on a separate line.

Up to 50 addresses can be added at any one time. If you have more than 50, just repeat the process in batches of 50 or fewer.

  10. Click on Continue. The external domains are listed. If there are any errors, correct them by clicking the Remove button.
  11. Click Add to confirm.
  12. Optionally, click Validate to the right of each domain to verify the TLS support.
  13. Enter an Email Address for the external domain in the Email field, and click Validate. This is for validation only, and no email will be sent.
    • If TLS is validated, a green tick confirms the route "Supports TLS".
    • If TLS validation failed, an error message will display on the pop-up dialog. Click on More or Less to expand or collapse the error message. Click on Cancel to exit the dialog.
  14. Click on Remove to remove a domain that is invalid or already exists.
  15. Click on Finish to complete the configuration. The summary page displays the number of added domains under External Domain TLS Policies.
  16. Optionally, click on Edit to go back to the previous page, and click Validate or Remove to correct the domains.
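
An independent pre-check for the validation outcomes described above (strict with a trusted certificate, relaxed with a self-signed one, or TLS not supported), added here as an example; it is not Mimecast's validation logic. It assumes you pass the mail (MX) host of the route or external domain and that outbound port 25 is reachable from where you run it; the `Unreachable` result and the EHLO name `probe.invalid` are constructed for this example.

```python
import smtplib
import ssl
import sys


def _probe(host, port, ctx, timeout):
    """Return 'version cipher' after STARTTLS, or None if STARTTLS is not advertised."""
    # local_hostname is a constructed EHLO name; it also avoids a local DNS lookup.
    smtp = smtplib.SMTP(host, port, local_hostname="probe.invalid", timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ctx)  # raises on a refused command or failed handshake
        return f"{smtp.sock.version()} {smtp.sock.cipher()[0]}"
    finally:
        smtp.close()


def classify_route(host, port=25, timeout=10):
    """Classify one mail host as Strict, Relaxed, TLS Not Supported or Unreachable."""
    strict = ssl.create_default_context()  # verifies certificate chain and hostname
    relaxed = ssl.create_default_context()
    relaxed.check_hostname = False
    relaxed.verify_mode = ssl.CERT_NONE  # encrypts, but accepts any certificate
    for ctx in (strict, relaxed):
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        try:
            label, detail = "Strict", _probe(host, port, strict, timeout)
        except ssl.SSLCertVerificationError:
            # Self-signed or untrusted certificate: reconnect without verification.
            label, detail = "Relaxed", _probe(host, port, relaxed, timeout)
    except (ssl.SSLError, smtplib.SMTPException) as exc:
        return "TLS Not Supported", str(exc)
    except OSError as exc:
        return "Unreachable", str(exc)
    if detail is None:
        return "TLS Not Supported", "STARTTLS not advertised"
    return label, detail


if __name__ == "__main__":
    # Usage: python tls_precheck.py mx1.example.com mx2.example.com
    for mail_host in sys.argv[1:]:
        print(mail_host, *classify_route(mail_host), sep="\t")
```

A `Relaxed` result means the session is encrypted but the peer's certificate was not verified, so such a domain does not meet the Strict TLS requirement stated in the introduction.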

Removing External Domains from Transport Layer Security Policies


You can remove an external domain from a Transport Layer Security Policy by using the following steps:

  1. Log in to the Mimecast Connect Application.
  2. Navigate to Optional | Set Up Your TLS Policies.
  3. Click on Start. Any existing external domains in the Transport Layer Security Policy display.
  4. Click on Remove to the right of the external domain.
  5. Click on Finish.

If you need to completely remove a Transport Layer Security Policy, you can do so from the Mimecast Administration Console via Policies | Gateway Policies. The TLS policies are available under Secure Delivery and Secure Receipt. Right-click on the policy and click Remove Policy.
