Knowledge Doc: [SecureMail] How to configure SecureMail to use TLS 1.2 for inbound SMTP

Summary
SecureMail and sendmail need to be configured so that inbound SMTP requests use TLS 1.2.

Products
Voltage SecureMail

Environment
SecureMail 7.x

Situation
SecureMail and sendmail need to be configured so that inbound SMTP requests use TLS 1.2.

Resolution
1. Download the .jks from the Voltage admin console
   a. In the SecureMail Management Console, go to the Tenants tab and select the correct tenant.
   b. Click on Edit, then select Hostnames and SSL Certificates
   c. Click on Export Credentials
2. FTP the file to the appliance
3. Extract the certificate and key file from the .jks
   a. keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12
   b. Extract the certificate:
      i. openssl pkcs12 -in keystore.p12 -nokeys -out my_key_store.crt
   c. Extract the key:
      i. openssl pkcs12 -in keystore.p12 -nocerts -nodes -out my_store.key
4. Convert the crt to pem
   a. openssl x509 -in my_key_store.crt -out my_key_store.pem
5. Move the files to /etc/pki/tls/certs
6. FTP the certificate authority bundle to /etc/pki/tls/certs
7. Set security on the .key and .pem
   a. chmod 600 zzz.pem
   b. chmod 600 zzz.key
8. Add the following block to the bottom of both “/etc/mail/sendmail.mc” and “/usr/share/vsgateway/mail/sendmail.mc”

# Enable Sendmail TLS
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/etc/pki/tls/certs')dnl
define(`confCACERT',`/etc/pki/tls/certs/ bundle.crt')dnl
define(`confSERVER_CERT',`/etc/pki/tls/certs/voltage.pem')dnl
define(`confSERVER_KEY',`/etc/pki/tls/certs/voltage.key')dnl
define(`confCLIENT_CERT',`/etc/pki/tls/certs/voltage.pem')dnl
define(`confCLIENT_KEY',`/etc/pki/tls/certs/voltage.key')dnl
LOCAL_CONFIG
O CipherList=HIGH
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_NO_TLSv1 +SSL_OP_NO_TLSv1_1
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_NO_TLSv1 +SSL_OP_NO_TLSv1_1
9. Stop and start the sendmail service.
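
The following script is an added example, not part of the original article or of the product's tooling. It audits a sendmail.mc for the result of steps 7 and 8: both SSLOptions lines must carry all four protocol-disable flags, and the key files named in the block must not be accessible to group or other. The function names (check_options, key_path, check_key_mode, audit_mc) are hypothetical.

```shell
#!/bin/sh
# Added example: audit a sendmail.mc for the TLS block from step 8.
REQUIRED="SSL_OP_NO_SSLv2 SSL_OP_NO_SSLv3 SSL_OP_NO_TLSv1 SSL_OP_NO_TLSv1_1"

# check_options FILE OPTION: the last "O OPTION=" line must carry every flag.
check_options() {
    line=$(grep -E "^O[[:space:]]+$2=" "$1" | tail -n 1)
    [ -n "$line" ] || { echo "FAIL: $2 not set in $1"; return 1; }
    missing=0
    for flag in $REQUIRED; do
        # Anchor the end of the flag so NO_TLSv1_1 does not satisfy NO_TLSv1.
        printf '%s\n' "$line" | grep -Eq "\+${flag}([[:space:]]|\$)" ||
            { echo "FAIL: $2 lacks +$flag in $1"; missing=1; }
    done
    return $missing
}

# key_path FILE MACRO: print the path from define(`MACRO',`path').
key_path() {
    sed -n "s/^define(\`$2',[[:space:]]*\`\([^']*\)').*/\1/p" "$1" | tail -n 1
}

# check_key_mode PATH: group and other must have no access (step 7, chmod 600).
check_key_mode() {
    [ -f "$1" ] || { echo "FAIL: key file $1 not found"; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $1 is accessible to group or other"; return 1; }
}

# audit_mc FILE: returns 0 only if every check passes.
audit_mc() {
    status=0
    check_options "$1" ServerSSLOptions || status=1
    check_options "$1" ClientSSLOptions || status=1
    for macro in confSERVER_KEY confCLIENT_KEY; do
        path=$(key_path "$1" "$macro")
        if [ -z "$path" ]; then echo "FAIL: $macro not defined in $1"; status=1
        else check_key_mode "$path" || status=1; fi
    done
    [ "$status" -eq 0 ] && echo "OK: $1"
    return "$status"
}

# Audit any files given on the command line, e.g. both sendmail.mc files.
for f in "$@"; do audit_mc "$f"; done
```

After restarting sendmail, `openssl s_client -connect <host>:25 -starttls smtp -tls1_1` should fail to complete a handshake, while the same command with `-tls1_2` should succeed.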

URL Name
KM000009709