The following steps enable secure communication between Symantec Mail Security for Microsoft Exchange (SMSMSE) consoles using self-signed certificates.
Windows 2012 R2 / Exchange 2013
The following steps are required for both local access and access from a remote SMSMSE console.
Configuring SMSMSE Server to listen for SSL traffic:
- Open Server Manager
- In Server Manager choose Tools > Internet Information Services (IIS) Manager.
- Under "Connections" select the ServerName.
- Under "ServerName Home" right-click Server Certificates and choose Open Feature.
- Select "Create Self-Signed Certificate"
- Once in the wizard, specify a "Friendly Name" that identifies this certificate (e.g. SMSMSE_SSL).
- Click OK and a new certificate with the specified "Friendly Name" is created.
- Right-click the new certificate, then choose Export.
- Provide a path and name (e.g. Friendly Name) and leave the extension as default (pfx). Provide a password, then click OK.
- Under "Connections" expand "Sites" then select "Symantec Mail Security for Microsoft Exchange"
- Under "Symantec Mail Security for Microsoft Exchange Home" right-click SSL Settings and select Bindings.
- Click Add. (Do not specify a value for Hostname, or remote connections will most likely fail.)
- Set type to HTTPS. Set port to 8082. Under SSL Certificate select the "Friendly Name" certificate from previous step. Click OK.
- Under "Symantec Mail Security for Microsoft Exchange Home" right-click SSL Settings and select "Open Feature".
- Check the "Require SSL" box. Set Client certificates to "Accept". On the right-hand side, click "Apply".
- Close the Internet Information Services (IIS) Manager.
For Remote Console access, perform the following additional steps.
Windows Firewall rule creation:
(Note: This process is required only on servers that have Windows Firewall enabled. These changes must be made on each SMSMSE server)
- In Server Manager choose Tools > Windows Firewall with Advanced Security.
- In the left-hand pane choose "Inbound Rules"
- On the Actions window choose "New Rule"
- In the "New Inbound Rule Wizard" choose Port and click Next.
- Specify the local port of 8082 and click Next until you reach the Name category. Specify a Name (e.g. SMSMSE Inbound SSL).
- Click Finish to create a new inbound firewall rule.
Importing Certificate to Remote console machine:
(Note: This process is required on the server that will be managing all SMSMSE assets.)
- Navigate to the file location to which the certificate was exported in step 9 of the first section.
- Copy the certificate to the Remote console server.
- Open the (local computer) Certificates MMC snap-in. (From a "Run" window, type MMC, then choose File > Add/Remove Snap-in.)
- Navigate to "Trusted Root Certificate Authorities" > Certificates. In the right-hand pane right-click and choose All Tasks > Import.
- Within the Import Wizard click Browse. Change filetype to "Personal Information Exchange" and select your certificate then click Open.
- Click Next, check "Mark Key as exportable", specify the password used during certificate export, then click Next until you can finish.
- Repeat the previous import process using the same certificate under "Personal" > Certificates.
Configuring SMSMSE Console for remote access:
- Open SMSMSE Console.
- Click Assets (at the top)
- (Skip this step if the server is already added) Click Add Server. Locate and select server. Click >>. Do not modify port value and click OK.
- Right-click the remote ServerName under Assets and choose Properties.
- Check "Use SSL" and set the port value to 8082. Click OK, then click Close.
- Close the SMSMSE Console.
- Open the SMSMSE Console. Click Change, select the remote server to test secure communication.
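To confirm the result of the steps above from the remote console machine, the following PowerShell check connects to port 8082, reads the certificate the SMSMSE site presents, and reports whether it chains to a trusted root and is present in the two stores used during import. This is an added example, not part of the original article; the host name is a placeholder you must replace.

```powershell
# Added example: run on the remote console machine after the certificate import.
# 'smsmse01.example.test' is a placeholder, not a name from the article.
param(
    [string]$Server = 'smsmse01.example.test',
    [int]$Port = 8082   # HTTPS port bound in the IIS steps
)

function Get-ServerCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate here only so it can be inspected;
        # trust is evaluated separately below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

$cert = Get-ServerCertificate -HostName $Server -Port $Port

# The chain builds only if the self-signed certificate is in a trusted root store.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # self-signed: no CRL to consult
$trusted = $chain.Build($cert)

[pscustomobject]@{
    Subject      = $cert.Subject
    Thumbprint   = $cert.Thumbprint
    NotAfter     = $cert.NotAfter
    ChainTrusted = $trusted
    InRootStore  = [bool](Get-ChildItem Cert:\LocalMachine\Root |
                          Where-Object Thumbprint -eq $cert.Thumbprint)
    InPersonal   = [bool](Get-ChildItem Cert:\LocalMachine\My |
                          Where-Object Thumbprint -eq $cert.Thumbprint)
    ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

A ChainTrusted value of False with a ChainStatus of UntrustedRoot indicates the import into "Trusted Root Certificate Authorities" did not take effect; a connection failure points at the IIS binding or the firewall rule.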