KB Article #67379

Setup TLS in MailGate

Problem

When MailGate is first deployed (install or reimage), a self-signed TLS certificate is created automatically so that TLS is supported from the start. SMTP channel encryption works with this certificate; the only drawback is that the certificate is not signed by a Certificate Authority (CA) and is therefore not trusted by remote parties (unless they unconditionally bypass the chain of trust on their end).

Resolution

I.   How to import a local TLS certificate in MailGate?

1. Open the Admin UI, navigate to Administration > Certificates > Local Certificates and click on "TLS Certificate" button (top-right of the screen).
2. Click "Import" and browse to the certificate file (in PKCS#12 or PEM format).



For more information, please refer to the MailGate Administrator's Guide, chapter "Managing Local Certificate". Once you have the certificate in place, you will need to set up the corresponding sending and receiving policies.

II.   How to create a TLS required policy for inbound e-mail?

1. Open the Admin UI, navigate to Relay Policies > General Settings > Connection Policies > Receiving Connection Policies > New Receiving Policy.
2. Specify the preferred TLS settings: Allow or Accept Connections, and tick the checkbox in front of "Require TLS". Give the policy a distinctive name.
3. Click "Save".

III.   How to apply the receiving policy on a specific domain?

1. Create an entry for this domain. To do so, please navigate to Relay Policies > External > Domains > New External Domain.
2. In the New External Domain setting, please select the newly created TLS required policy under "Receiving Connection Policy".
3. Click "Save".

IV.   How to create a TLS required policy for outbound e-mail?

1. Open the Admin UI, navigate to Relay Policies > General Settings > Connection Policies > Sending Connection Policies > New Sending Policy.
2. Specify the preferred TLS settings: Enable TLS and tick the checkbox in front of "Require TLS". You can also select to validate the certificate, if desired; without validation, Require TLS encrypts the channel but does not verify the identity of the remote server.
3. Click "Save".

V.   How to apply the sending policy on a specific domain?

1. Create a record for this domain. To do so, please navigate to Relay Policies > External > Domains > New External Domain (or edit the record, should it already exist).
2. In the New External Domain setting, please select the newly created TLS required policy under "Sending Connection Policy".
3. Click "Save".
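A verification probe, added here as an example and not part of the KB article or of MailGate itself, that checks from the outside what sections I to III configure: whether the listener advertises STARTTLS, whether the served certificate chains to a trusted CA (the problem described at the top), and whether a plaintext MAIL FROM is refused, which is the observable effect of "Require TLS" on a receiving policy. It assumes Python 3 with the standard library only, that the policy refuses plaintext mail with a 4xx/5xx reply at MAIL FROM (other products refuse at a different step), and that `cafile` is the CA bundle to verify against (None uses the system store); pointed at an outbound peer, the certificate check shows whether enabling validation in a sending policy (section IV) will succeed.

```python
"""Probe an SMTP listener for the TLS posture expected after the steps above."""
import smtplib
import ssl
from dataclasses import dataclass


@dataclass
class TlsPosture:
    starttls_offered: bool        # EHLO response advertised STARTTLS
    cert_trusted: bool            # chain and hostname validated against the CA bundle
    cert_error: str               # verifier message when not trusted, else ""
    plaintext_mail_refused: bool  # MAIL FROM rejected (4xx/5xx) before STARTTLS


def assess(posture: TlsPosture) -> list:
    """Return the findings a defender would act on; an empty list means all good."""
    findings = []
    if not posture.starttls_offered:
        findings.append("STARTTLS not advertised: TLS certificate not active")
    elif not posture.cert_trusted:
        findings.append("certificate chain not trusted: " + posture.cert_error)
    if not posture.plaintext_mail_refused:
        findings.append("plaintext MAIL FROM accepted: Require TLS not enforced")
    return findings


def probe(host: str, port: int = 25, cafile=None, timeout: float = 10.0) -> TlsPosture:
    """Connect, try a plaintext MAIL FROM, then STARTTLS with full verification."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        offered = smtp.has_extn("starttls")
        # Assumption: Require TLS makes the server reject MAIL FROM before STARTTLS.
        code, _ = smtp.mail("postmaster@example.invalid")  # constructed sender address
        refused = code >= 400
        smtp.rset()
        trusted, err = False, ""
        if offered:
            try:
                smtp.starttls(context=ctx)  # raises if chain or hostname does not verify
                trusted = True
            except ssl.SSLError as exc:
                err = getattr(exc, "verify_message", None) or str(exc)
    finally:
        smtp.close()  # no QUIT: the socket may be mid-handshake after a failure
    return TlsPosture(offered, trusted, err, refused)


if __name__ == "__main__":
    import sys
    for finding in assess(probe(sys.argv[1])) or ["OK: TLS posture as expected"]:
        print(finding)
```

Run it as `python probe.py mailgate.example.com` from a host that is allowed to reach port 25; a self-signed certificate shows up as a "certificate chain not trusted" finding until the CA-signed certificate from section I is in place.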