Email Encryption Guide

Document created by user.oxriBaJeN4 Employee on Sep 7, 2015Last modified by user.oxriBaJeN4 Employee on Sep 10, 2019
Version 9Show Document
  • View in full screen mode

We can connect or synchronize with your infrastructure utilizing secure SSL based encryption methods. Using encryption increases the security of your traffic, and requires a valid SSL certificate to be installed. Encryption can be applied to email delivery (TLS), Directory Sync (LDAPS) and Journaling (POP3S).

Mimecast supports connections using TLS 1.0, 1,1 and 1.2 for AES-256, MD5, and AnonDHE.

Configuring Certificates

To implement certificates in your environment, you will need to install and configure the certificate on the relevant server, i.e. directory server for LDAPS and your mail server for TLS and POP3S. A valid SSL certificate (public, or in certain instances a self-signed certificate) is required.


Obtaining / Installing Exchange Certificates

The first step in obtaining an SSL certificate is to generate a certificate signing request (CSR). The method used is determined by the Exchange Server version. For a public certificate, the request should then be submitted to one of the supported Certificate Authorities. Once the certificate has been issued by the Certificate Authority, import the certificate into the relevant server. After installing the certificate, you will need to enable it for use with the relevant service.


TLS (Transport Layer Security)

TLS provides an encrypted end to end tunnel for the secure transmission of emails. TLS can be configured on Mimecast using policies and can be enabled based on the sender, recipient, and content of the email.