Certificate validation settings – Google Message Security for Google Apps Administration Guide User Manual

Transport Layer Security

313

WARNING:

If set up improperly, Certificate Validation can interrupt mail flow. Check

your settings and certificates before setting up certificate validation.

Certificate Validation is an advanced feature for administrators who need to verify
TLS certificates to avoid malformed or spoofed certificates. When outbound mail
is sent to a domain that is configured for Certificate Validation, Policy Enforced
TLS verifies the format, source, and domain of the certificate.You can specify
different validation settings for each domain.

Set up Certificate Validation for each domain on the Outbound TLS settings page,
under the heading “Domain-Specific Setting for Outbound TLS.”

To set up Certificate Validation:

1.

Go to Outbound TLS settings in the Administration Console.

2.

If the domain is not already listed in Policy Enforced TLS, add the recipient
domain to Policy Enforced TLS.

3.

Under “Domain-Specific Setting for Outbound TLS,” set TLS Certification to
the appropriate setting and click Save Selected.

Certificate Validation Settings

Certificate Verification is a powerful tool to protect your secure connection from
spoofing and invalid certificates. However, it also will interrupt mail flow if the
recipient’s certificate is not set up correctly. If protection from spoofing and invalid
certificates is not a major concern, use Encrypt Only. Use Certificate Verification if
you wish to set up regular, ongoing secure connections with a specific partner for
extremely sensitive information.