Question

Having problems with O365 TLS certificate setup in Email Archive

asked on September 5, 2018

Hi guys,

I'm not sure how to get the O365 TLS certificate into the Email Archive settings. I've followed the Microsoft instructions on setting up the Exchange Online TLS certificate and have the newly enabled "GlobalSign Root CA" certificate in the "Trusted Root Certification Authorities\Certificates" store on the Laserfiche server. I've gone into the Email Archive settings, ticked "Require TLS", but the dropdown only shows a couple of available certificates, neither of which is the GlobalSign one. I could copy and paste the certificate thumbnail into the Email Archive config.xml file, but I'm not sure if that's a good approach.

Also, should I be enabling the "require client certificate" option? It's not clear from the admin guide: "Select if the client certificate will be required and/or checked."

Any advice on this process would be much appreciated.

Thanks,

Mike


Replies

replied on September 6, 2018

So you are trying to require that the Import Agent Email Archive service uses TLS, if I understand you correctly? The instructions you linked to are for validating the certificates used by the online Exchange/Office 365 mail servers. That is not relevant to your setup (other than verifying that your trusted root certificates include the one used by MS, which it sounds like you already did).

You will need to purchase your own server certificate from a certificate authority (or perhaps you can get a free one from Let's Encrypt... but those need to be replaced constantly). It needs to be installed on the Email Archive server, usually in the Local Machine\Personal certificate store, and possibly also in the Local Machine\Web Hosting certificate store. This should allow it to be selected in the drop-down from the Email Archive configuration. You do not need client certificates.

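To check which certificates on the Email Archive server could act as a TLS server certificate, the following PowerShell lists the two stores named in the reply above and shows why a root CA certificate is not a candidate. This is an added example, not part of the original thread and not Laserfiche code; it assumes the dropdown only offers certificates that have a private key on the machine, which is the general requirement for a TLS server certificate on Windows, and the function name is hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the Email Archive server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$candidateStores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\WebHosting'

function Get-TlsServerCertCandidate {   # hypothetical helper name
    param([string[]]$StorePath)
    foreach ($path in $StorePath) {
        # The Web Hosting store does not exist on every Windows version.
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path | ForEach-Object {
            $ekus = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
            [pscustomobject]@{
                Store         = $path
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A server certificate is unusable without its private key.
                HasPrivateKey = $_.HasPrivateKey
                # An empty EKU list means the certificate is valid for all purposes.
                ServerAuth    = ($ekus.Count -eq 0) -or ($ekus -contains $serverAuthOid)
                Expired       = $_.NotAfter -lt (Get-Date)
            }
        }
    }
}

# Certificates in Local Machine\Personal ("My") and Web Hosting.
Get-TlsServerCertCandidate -StorePath $candidateStores |
    Sort-Object Store, NotAfter |
    Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey, ServerAuth, Expired -AutoSize

# The GlobalSign root from the question sits in the trusted root store. It is
# a trust anchor for validating other parties' certificates: it has no private
# key on this machine, so it cannot serve as this server's own certificate.
Get-TlsServerCertCandidate -StorePath 'Cert:\LocalMachine\Root' |
    Where-Object { $_.Subject -like '*GlobalSign*' } |
    Format-Table Subject, Thumbprint, HasPrivateKey -AutoSize
```

A row with `HasPrivateKey` and `ServerAuth` both `True` and `Expired` `False` is the kind of certificate the reply describes installing.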
replied on September 6, 2018

Thanks Scott, that goes to show that I don't have a proper grasp on the requirements.  The instructions I linked to are what the IT company who manage the customer's O365 email sent me as the other IT company that hosts the Laserfiche server said they can't open the firewall to O365 to enable the Email Archive functionality as there are too many potential sending servers hence a TLS certificate being required.  It's doing my head in to be honest as I don't have a clue about that side of things, but I'll go back to them re. the server certificate.

Thanks,

Mike
