When full MTA email analysis is enabled on an NSX Lastline Sensor, the sensor will deliver analyzed emails to the next hop, optionally using SSL/TLS.
The default SSL certificate the SMTP server will present is a self-signed one. If needed, it is possible to manually replace it with a custom certificate. Here are the steps that need to be followed:
llmail::ssl_client_cert_file: "/etc/ssl/certs/<hostname>.pem" llmail::ssl_client_key_file: "/etc/ssl/private/<hostname>.key"
The certificate and key should be in the PEM format (Base64 encoded ASCII). For examples of the certificate and the key, see the other files in the same directories.
"<hostname>" should be the hostname for which the SSL certificate has been generated.