Certificate validation – Google Message Security for Google Apps Administration Guide User Manual
Page 312
312
Message Security for Google Apps Administration Guide
2.
If TLS is set to “Accept only SMTP” or “Send only SMTP”, change your
settings to allow TLS. The recommended setting is “SMTP or TLS.” See
“Transport Layer Security for Outbound Mail” on page 521 for more
information on outbound TLS settings.
3.
Scroll to the Outbound TLS by Sender Domain section, at the bottom of the
page. If you do not see this section, you do not have Policy Enforced TLS
enabled. Contact your account representative for information.
4.
Enter the domain name you wish to set as TLS-only. Type the exact domain
name. Wildcards and subdomains are not supported; each subdomain must
be added separately.
5.
Click Add. The change takes effect immediately.
6.
Optional: Set Certificate Validation. The default setting, Encryption Only,
should be sufficient for most domains, but you can validate the recipient’s
certificate by changing this setting to Verify Certificate, Trust Check, or
Domain Check. For more information, see “Certificate Validation” on
page 312.
7.
Go to the Batch page in the Orgs & Users tab.
To remove a domain, select the domain you wish to delete and click Remove.
The change takes effect immediately.
8.
Set up TLS Alerts. For more information, see “TLS Alerts” on page 316.
Certificate Validation
Use Certificate Validation when you need to assure that a specific contact domain
does not contain any invalid TLS certificates.
Many domains inadvertently use invalid TLS certificates for legitimate mail, so you
should only use this feature when you are actively working with a partner to
establish a secure TLS connection that validates a proper certificate.