
TLS Encryption Transcript

The document outlines the process for Acme Corp to establish TLS Encryption for secure communication with MegaBank, including generating a Certificate Signing Request, importing the signed certificate, and configuring the Protection Server. It also describes troubleshooting steps when MegaBank's certificate expires and how to temporarily allow encrypted connections using the expired certificate. The final steps involve adjusting settings to ensure continued secure communication while awaiting the renewal of the certificate.

Transcript for TLS Encryption

Welcome back to the Threat Protection Level 2 course. In this lesson we’ll use TLS Encryption to
help Acme Corp communicate securely with a new business partner.

Acme Corp wishes to start doing business with an industry giant called MegaBank. Policies that
are in place require that all email communication with MegaBank take place over an encrypted
connection.

Cooper has been tasked with setting this up. First, he’ll need to generate a Certificate Signing
Request and submit it to a Certificate Authority. Once he gets the certificate back, he’ll need to
import it into the Protection Server. Finally, he’ll need to configure the Protection Server to use
this certificate to create a secure and encrypted connection with MegaBank.

So let’s jump into the Protection Server and get started.

To generate a Certificate Signing Request, navigate to the System tab, then the System section.
Then expand Certificates and click Certificates.

When the page refreshes, click the Generate Certificate Request button.

On the pop-up that appears, fill out the form with your organization’s data and click Request
Certificate.

Once your Certificate Request has been generated, copy the text in the field and send it to your
certificate authority.

Once you have received your signed certificate back from the certificate authority, you can
import it into the Protection Server.

To do this, return to the Certificates sub-menu, under the System/Certificates section.

© 2023 Proofpoint, Inc. - All rights reserved. Confidential and proprietary. 1


Click the Import button to begin the import process.

On the Import Certificate pop-up that appears, click the Browse button to locate the certificate
file on your local machine.

Once located, select the file, and click Open.

Ensure the Format matches the extension of the selected file.

If the certificate file has a password, you would enter it as well.

When the settings are complete, click Import.

Once your signed certificate is imported, it will appear in the list of installed certificates.

To use the newly imported certificate for SMTP connections, navigate to the Services sub-menu
of Certificates.

Click the drop-down for the SMTP Server and select the newly installed certificate in place
of the default, self-signed certificate.

Then click Save Changes.

To enable encryption for the trusted partner domain, navigate to the SMTP Encryption menu,
which is also under the System section.

Expand the menu and select Settings.

On the settings page, we’ll enable TLS, set the minimum cipher for configured domains to a
128-bit key, request client certificates, and enable the sending of our local client certificate.
We’ll set the minimum protocol versions to values considered to be best practice for inbound
and outbound messages.

Then click Save Changes.

The last step is to configure the partner’s domain. Navigate to the TLS Domains sub-menu,
under SMTP Encryption. Then click the Add button.



On the pop-up that appears, we’ll input the domain of our trusted partner, megabank.com.
We’ll add a brief description. We’ll ensure the connection is Always encrypted. We’ll require
that the remote server provide a valid certificate for connections. And if any of these verifications
fail, we’ll send a Retry message in response.

Finally click Add Entry.

The encrypted connection has been set up and is working fine. Several months go by without
any problems. Today, however, Cooper is notified that Acme users are no longer able to send
messages to MegaBank. When he troubleshoots this, he finds that the MegaBank certificate has
expired.

MegaBank confirms Cooper’s findings and gets to work right away renewing their certificate. In
the meantime, management confirms that turning off encryption in order to keep business
operations flowing is not an option. The traffic must be encrypted. They decide that using the
expired MegaBank certificate to encrypt the traffic is an acceptable temporary solution while
MegaBank gets their certificate renewed.

To do this, navigate back to the TLS Domains sub-menu under System/SMTP Encryption.

Then, click on the domain name.

On the pop-up that appears, select the Off toggle for the Require Valid Certificate setting. Then
click Save Changes.

This will allow encrypted connections to occur while MegaBank resolves their certificate
renewal issues.

And that worked. Secure connections with MegaBank have resumed. When the certificate is
renewed, Cooper can simply toggle the setting back to on.
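
While Require Valid Certificate is off, it helps to track from outside the Protection Server which certificate MegaBank's mail server actually presents. The following is an added example, not part of the course or of the Protection Server: a Python check, run on a schedule, that reports when the partner's certificate validates again (so the toggle can go back on) and flags any invalid certificate other than the expired one that was approved. The function names, the three result states and the idea of recording the approved certificate's SHA-256 fingerprint are assumptions of this example; the MX hostname and fingerprint are supplied by the operator.

```python
import hashlib
import smtplib
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def _starttls_cert(mx_host: str, ctx: ssl.SSLContext, port: int, timeout: float) -> bytes:
    """Open SMTP, upgrade with STARTTLS, return the server certificate (DER)."""
    smtp = smtplib.SMTP(mx_host, port, timeout=timeout)
    try:
        smtp.starttls(context=ctx)  # sends EHLO first if needed
        return smtp.sock.getpeercert(binary_form=True)
    finally:
        smtp.close()


def fetch(mx_host: str, port: int = 25, timeout: float = 10.0):
    """Return (validates, fingerprint) for the certificate the MX presents."""
    try:
        strict = ssl.create_default_context()  # chain, hostname and dates checked
        return True, fingerprint(_starttls_cert(mx_host, strict, port, timeout))
    except ssl.SSLCertVerificationError:
        lax = ssl.create_default_context()
        lax.check_hostname = False       # must be cleared before verify_mode
        lax.verify_mode = ssl.CERT_NONE  # read-only probe, no mail is sent
        return False, fingerprint(_starttls_cert(mx_host, lax, port, timeout))


def assess(validates: bool, seen_fp: str, approved_fp: str) -> str:
    """Decide what the exception window should do with this observation."""
    if validates:
        return "renewed"          # re-enable Require Valid Certificate
    if seen_fp.lower() == approved_fp.lower():
        return "exception-holds"  # still the expired cert that was approved
    return "alert"                # invalid AND not the approved cert


if __name__ == "__main__":
    # usage: check.py <partner MX hostname> <approved SHA-256 fingerprint>
    host, approved = sys.argv[1], sys.argv[2]
    ok, seen = fetch(host)
    print(host, seen, assess(ok, seen, approved))
```
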

Be sure to join us for the next lesson, and thanks for watching!

