Certificate validation – Google Message Encryption Administration Guide User Manual

18

Postini Encryption Services Administration Guide

4.

Enter the domain name you wish to set as TLS-only. Type the exact domain
name. Wildcards and subdomains are not supported; each subdomain must
be added separately.

5.

Click Add. The change takes effect immediately.

6.

Optional: Set Certificate Validation. The default setting, Encryption Only,
should be sufficient for most domains, but you can validate the recipient’s
certificate by changing this setting to Verify Certificate, Trust Check, or
Domain Check. For more information, see “Certificate Validation” on page 18.

7.

Recommended: Enable TLS Alerts so you will be notified if a problem occurs.
See “TLS Alerts” on page 22 for more information.

To remove a domain, select the domain you wish to delete and click Remove. The
change takes effect immediately.

Certificate Validation

Policy Enforced TLS can analyze and validate TLS certificates, and block
sessions that use malformed or spoofed certificates. When outbound mail is sent
to a domain that is configured for Certificate Validation, Policy Enforced TLS
verifies the format, source, and domain of the certificate.You can specify different
validation settings for each domain.

Set up Certificate Validation for each domain on the Outbound TLS settings page,
under the heading “Domain-Specific Setting for Outbound TLS.”