Home > Knowledge Base > Getting Started with Mimecast > Implementation > Mimecast Infrastructure > SSL Certificates

SSL Certificates

An SSL (Secure Sockets Layer) Certificate enables encryption of all information moving across the specified protocol.  For some Mimecast connections, Administrators have the option to use unencrypted or encrypted connections.  This includes Journaling (POP3 vs. POP3S), Directory Synchronization (LDAP vs. LDAPS) and email processing (SMTP vs. TLS).  

Note: Mimecast supports TLS 1.0 for AES-256, RC4, MD5 and AnonDHE.

 

To use any of these secure protocols, a public SSL certificate is required to be installed and configured in the customer's local environment.

Note: Mimecast supports self-signed certificates in certain instances. For example, for LDAP Authentication: Setting the encryption mode to Relaxed permits encryption with self-signed certificates and other valid certificates which may not have a complete trust chain. ONLY Mimecast Support can change this option for you.

 

Administrators may be concerned about sending or receiving clear text traffic across the internet, as it is possible to intercept the data in transit.  If so, certificates can be used for those connections between Mimecast and their environment, which ensures that all traffic between Mimecast and the customer site is sent encrypted via an SSL tunnel.

What are the supported SSL certificates?

Mimecast supports both 1024-bit and 2048-bit certificates. The list below covers all the SSL certificates that Mimecast supports:

  •  addtrust class 1 ca root
  •  addtrust external ca root
  •  addtrust external ca root (utn-userfirst-hardware,ou=http
  •  addtrust public ca root
  •  addtrust qualified ca root
  •  affirmtrust networking ca
  •  america online root certification authority 1
  •  america online root certification authority 2
  •  aol member ca (america online root certification authority 1,o=america online inc.,c=us)
  •  baltimorecodesigningca
  •  baltimorecybertrustca
  •  certplus class 1 primary ca
  •  certplus class 2 primary ca
  •  certplus class 3 primary ca
  •  certplus class 3p primary ca
  •  certplus class 3ts primary ca
  •  comodo aaa certificate services
  •  comodo certification authority (utn - datacorp sgc,ou=http
  •  comodo high assurance secure server ca (comodo certification authority)
  •  comodo high-assurance secure server ca (addtrust external ca root)
  •  comodo secure certificate services
  •  comodo trusted certificate services
  •  cybertrust global root
  •  CyberTrust Secure Server
  •  cybertrust sureserver ev ocsp ca (cybertrust global root)
  •  cybertrust sureserver standard validation ca (gte cybertrust global root)
  •  deutsche bank group root ca 3
  •  deutsche bank secure e-mail ca 3 (deutsche bank group root ca 3,ou=pki,o=deutsche bank ag,c=de)
  •  deutsche bank server ca 2 (deutsche bank group root ca 3,ou=pki,o=deutsche bank ag,c=de)
  •  deutsche telekom ca 6 (gte cybertrust global root,ou=gte cybertrust solutions\)
  •  deutsche telekom root ca 1
  •  deutsche telekom root ca 2
  •  digicert assured id ca-1 (digicert assured id root ca)
  •  digicert assured id code signing ca-1 (digicert assured id root ca)
  •  digicert assured id root ca
  •  digicert ecc secure server ca (digicert global root ca)
  •  digicert global ca (2048) (entrust.net certification authority (2048))
  •  digicert global ca (entrust.net secure server certification authority)
  •  digicert global ca-1 (digicert global root ca)
  •  digicert global root ca
  •  digicert high assurance ca-3 (digicert high assurance ev root ca)
  •  digicert high assurance ca-3 (digicert high assurance ev root ca,ou=www.digicert.com,o=digicert inc,c=us)
  •  digicert high assurance code signing ca-1 (digicert high assurance ev root ca)
  •  digicert high assurance ev ca-1 (digicert high assurance ev root ca)
  •  digicert high assurance ev root ca
  •  digicert high assurance ev root ca (entrust.net secure server certification authority,ou=(c) 1999 entrust.net limited,ou=www.entrust.net/cps incorp. by ref. (limits liab.),o=entrust.net,c=us)
  •  digicert secure server ca (digicert global root ca)
  •  digicert sha2 secure server ca (digicert global root ca)
  •  entrust certification authority - l1b (entrust.net certification authority (2048),ou=(c) 1999 entrust.net limited,ou=www.entrust.net/cps_2048 incorp. by ref. (limits liab.),o=entrust.net)
  •  entrust certification authority - l1c (entrust.net certification authority (2048),ou=(c) 1999 entrust.net limited,ou=www.entrust.net/cps_2048 incorp. by ref. (limits liab.),o=entrust.net)
  •  entrust certification authority - l1e (entrust root certification authority,ou=(c) 2006 entrust\)
  •  entrust root certification authority
  •  entrust root certification authority (entrust.net secure server certification authority,ou=(c) 1999 entrust.net limited,ou=www.entrust.net/cps incorp. by ref. (limits liab.),o=entrust.net,c=us)
  •  entrust root certification authority - g2
  •  entrust.net certification authority (2048)
  •  entrust.net certification authority (2048) (entrust.net secure server certification authority,ou=(c) 1999 entrust.net limited,ou=www.entrust.net/cps incorp. by ref. (limits liab.),o=entrust.net,c=us)
  •  entrust2048ca
  •  entrustclientca
  •  entrustglobalclientca
  •  entrustgsslca
  •  entrustsslca
  •  equifax digitary trust network (equifax secure ebusiness ca-1,o=equifax secure inc.,c=us)
  •  equifax premium certificate authority
  •  equifaxsecureca
  •  equifaxsecureebusinessca1
  •  equifaxsecureebusinessca2
  •  equifaxsecureglobalebusinessca1
  •  essentialssl ca (comodo certification authority,o=comodo ca limited,l=salford,st=greater manchester,c=gb)
  •  eunet international root ca
  •  geotrust ca for adobe (adobe root ca,ou=adobe trust services,o=adobe systems incorporated,c=us)
  •  geotrust dv ssl ca (geotrust global ca)
  •  geotrust extended validation ssl ca (geotrust primary certification authority)
  •  geotrust global ca
  •  geotrust global ca 2
  •  geotrust mobile device root - privileged
  •  geotrust mobile device root - unprivileged
  •  geotrust primary certification authority
  •  geotrust primary certification authority - g2
  •  geotrust ssl ca (geotrust global ca)
  •  geotrust true credentials ca 2 (equifax secure ebusiness ca-1,o=equifax secure inc.,c=us)
  •  geotrust universal ca
  •  geotrust universal ca 2
  •  geotrustglobalca
  •  globalsign (globalsign root ca)
  •  globalsign domain validation ca (globalsign root ca)
  •  globalsign domain validation ca - g2 (globalsign root ca)
  •  globalsign extended validation ca (globalsign)
  •  globalsign extended validation ca - g2 (globalsign)
  •  globalsign organization validation ca (globalsign root ca)
  •  globalsign organization validation ca - g2 (globalsign root ca)
  •  globalsign primary secure server ca (globalsign root ca)
  •  globalsign root ca
  •  globalsign rootsign partners ca (globalsign root ca)
  •  globalsign serversign ca (globalsign primary secure server ca)
  •  globalsign-rc2
  •  go daddy class 2 certification authority - microsoft code verification
  •  go daddy root certificate authority - g2
  •  go daddy root certificate authority - g2 (microsoft code verification root)
  •  go daddy secure certificate authority - g2 (go daddy root certificate authority - g2)
  •  go daddy secure certification authority
  •  godaddyclass2ca
  •  gtecybertrustglobalca
  •  microsoft root authority
  •  network solutions certificate authority
  •  network solutions certificate authority (utn-userfirst-hardware,ou=http
  •  network solutions ev ssl ca (network solutions certificate authority,o=network solutions l.l.c.,c=us)
  •  quovadis eu issuing certification authority (quovadis root certification authority)
  •  quovadis eu qualified issuing certification authority (quovadis root certification authority)
  •  quovadis global ssl ica (quovadis root ca 2,o=quovadis limited,c=bm)
  •  quovadis grid ica (quovadis root certification authority)
  •  quovadis ica 3 (quovadis root certification authority,ou=root certification authority,o=quovadis limited,c=bm)
  •  quovadis issuing ca g3 (quovadis root certification authority)
  •  quovadis qualified issuing certification authority 1 (quovadis root certification authority)
  •  quovadis root ca 2
  •  quovadis root ca 2 (quovadis root certification authority,ou=root certification authority,o=quovadis limited,c=bm)
  •  quovadis root ca 3
  •  quovadis root certification authority
  •  quovadis suisseid advanced ca (quovadis root certification authority)
  •  quovadis suisseid qualified ca (quovadis root certification authority)
  •  quovadis swiss advanced ca (quovadis root certification authority)
  •  qv schweiz ica (quovadis root certification authority,ou=root certification authority,o=quovadis limited,c=bm)
  •  Register.com
  •  register.com ca ssl services (dv) (utn-userfirst-hardware)
  •  register.com ca ssl services (ov) (utn-userfirst-hardware)
  •  siemens business services trust center root-ca v1.1.1
  •  siemens issuing ca ee enc (siemens business services trust center root-ca v1.1.1,ou=copyright (c) siemens business services 2003 all rights reserved,o=siemens,c=de)
  •  starfield class 2 certification authority - microsoft code verification
  •  starfield root certificate authority - g2
  •  starfield root certificate authority - g2 (microsoft code verification root)
  •  starfield secure certificate authority - g2 (starfield root certificate authority - g2)
  •  starfield secure certification authority
  •  starfield secure certification authority (http
  •  starfield services root certificate authority
  •  starfield services root certificate authority - g2
  •  starfield services root certificate authority - g2 (starfield services root certificate authority)
  •  starfieldclass2ca
  •  startcom certification authority
  •  startcom certification authority g2
  •  startcom extended validation client ca (startcom certification authority)
  •  startcom extended validation server ca (startcom certification authority)
  • startfiled_cross_intermediate
  •  Swisscom
  •  swisscom customer ca 2 (swisscom root ca 2)
  •  swisscom customer root ca 1 (swisscom root ca 1)
  •  swisscom diamant ca 1 (swisscom root ca 1)
  •  swisscom diamant ca 2 (swisscom root ca 2)
  •  swisscom diamant suisseid ca 2 (swisscom root ca 2)
  •  swisscom quartz ev ca 1 (swisscom root ev ca 1)
  •  swisscom quarz ev ca 2 (swisscom root ev ca 2)
  •  swisscom root ca 1
  •  swisscom root ca 2
  •  swisscom root ev ca 1
  •  swisscom root ev ca 2
  •  swisscom rubin ca 1 (swisscom root ca 1)
  •  swisscom rubin ca 2 (swisscom root ca 2)
  •  swisscom saphir ca 1 (swisscom root ca 1)
  •  swisscom saphir ca 2 (swisscom root ca 2)
  •  swisscom saphir suisseid ca 2 (swisscom root ca 2)
  •  swisscom smaragd ca 1 (swisscom root ca 1)
  •  swisscom smaragd ca 2 (swisscom root ca 2)
  •  swisscom suisseid diamant ca 1 (swisscom root ca 1)
  •  swisscom suisseid saphir ca 1 (swisscom root ca 1)
  •  swisscom tsa ca 1 (swisscom root ca 1)
  •  swisscom tss ca 2 (swisscom root ca 2)
  •  swisssign ca (rsa ik may 6 1999 18
  •  swisssign gold ca - g2
  •  swisssign platinum ca - g2
  •  swisssign silver ca - g2
  •  symantec class 3 extended validation code signing ca (verisign class 3 public primary certification authority - g5)
  •  t-telesec globalroot class 2
  •  t-telesec globalroot class 3
  •  tc trustcenter class 1 l1 ca ix (tc trustcenter universal ca i,ou=tc trustcenter universal ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 1 l1 ca v
  •  tc trustcenter class 1 l1 ca vii
  •  tc trustcenter class 2 ca ii
  •  tc trustcenter class 2 l1 ca v
  •  tc trustcenter class 2 l1 ca vii
  •  tc trustcenter class 2 l1 ca xi (tc trustcenter class 2 ca ii,ou=tc trustcenter class 2 ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 2 l1 ca xii (tc trustcenter class 2 ca ii,ou=tc trustcenter class 2 ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 2-ii l1 ca iv (tc trustcenter class 2 ca ii,ou=tc trustcenter class 2 ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 2-ii l1 ca viii (tc trustcenter class 2 ca ii,ou=tc trustcenter class 2 ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 3 ca ii
  •  tc trustcenter class 3 l1 ca ix (tc trustcenter universal ca i,ou=tc trustcenter universal ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 3 l1 ca v
  •  tc trustcenter class 3 l1 ca vii
  •  tc trustcenter class 3 l1 ca xi (tc trustcenter class 3 ca ii,ou=tc trustcenter class 3 ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 3-ii l1 ca iv (tc trustcenter class 3 ca ii,ou=tc trustcenter class 3 ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter class 4 ca ii
  •  tc trustcenter class 4 extended validation ca i (tc trustcenter universal ca iii,ou=tc trustcenter universal ca,o=tc trustcenter gmbh,c=de)
  •  tc trustcenter universal ca i
  •  tc trustcenter universal ca ii
  •  tc trustcenter universal ca iii
  •  telesec serverpass ca 1 (baltimore cybertrust root)
  •  thawte code signing ca - g2 (thawte primary root ca,ou=(c) 2006 thawte\)
  •  thawte dv ssl ca (thawte primary root ca,ou=(c) 2006 thawte\)
  •  thawte extended validation ssl ca (thawte primary root ca,ou=(c) 2006 thawte\)
  •  thawte personal basic ca
  •  thawte personal premium ca
  •  thawte premium server ca
  •  thawte primary root ca
  •  thawte primary root ca (thawte premium server ca)
  •  thawte primary root ca (thawte premium server ca,ou=certification services division,o=thawte consulting cc,l=cape town,st=western cape,c=za)
  •  thawte primary root ca - g2
  •  thawte primary root ca - g3
  •  thawte server ca
  •  thawte sgc ca
  •  thawte sgc ca - g2 (verisign class 3 public primary certification authority - g5,ou=(c) 2006 verisign\)
  •  thawte ssl ca (thawte primary root ca,ou=(c) 2006 thawte\)
  •  thawte ssl domain ca (thawte server ca,ou=certification services division,o=thawte consulting cc,l=cape town,st=western cape,c=za)
  •  thawte timestamping ca
  •  thawte universal ca root
  •  thawtepersonalbasicca
  •  thawtepersonalpremiumca
  •  thawtepremiumserverca
  •  thawteserverca
  •  trustis fps  healthcare issuing authority chain2
  •  trustis fps healthcare issuing authority
  •  trustwave client authentication certification authority (xramp global certification authority)
  •  trustwave code signing ca\ (xramp global certification authority)
  •  trustwave domain validation ca\ (securetrust ca)
  •  trustwave organization validation ca\ (securetrust ca)
  •  trustwave securetrust ca
  •  trustwave xramp global certification authority
  •  tsa01.quovadisglobal.com (quovadis root certification authority)
  •  utn - datacorp sgc
  •  utn - datacorp sgc (addtrust external ca root)
  •  utn-userfirst-client authentication and email
  •  utn-userfirst-client authentication and email (aaa certificate services,o=comodo ca limited,l=salford,st=greater manchester,c=gb)
  •  utn-userfirst-client authentication and email (addtrust external ca root,ou=addtrust external ttp network,o=addtrust ab,c=se)
  •  utn-userfirst-hardware
  •  utn-userfirst-hardware (addtrust external ca root)
  •  utn-userfirst-hardware (addtrust external ca root,ou=addtrust external ttp network,o=addtrust ab,c=se)
  •  utn-userfirst-network applications
  •  utn-userfirst-object
  •  valicert-class1-policy-validation
  •  valicert-class2-policy-validation
  •  valicert-class3-policy-validation
  •  valicert-rsa-public-root-ca
  •  valicertclass2ca
  •  verisign class 1 public primary certification authority - g2
  •  verisign class 1 public primary certification authority - g3
  •  verisign class 3 code signing 2004 ca
  •  verisign class 3 code signing 2009-2 ca
  •  verisign class 3 code signing 2010 ca (verisign class 3 public primary certification authority - g5,ou=(c) 2006 verisign\)
  •  verisign class 3 extended validation ssl ca (verisign class 3 public primary certification authority - g5,ou=(c) 2006 verisign\)
  •  verisign class 3 extended validation ssl sgc ca (verisign class 3 public primary certification authority - g5,ou=(c) 2006 verisign\)
  •  verisign class 3 international server ca - g3 (verisign class 3 public primary certification authority - g5,ou=(c) 2006 verisign\)
  •  verisign class 3 open financial exchange ca - g2
  •  verisign class 3 public primary certification authority
  •  verisign class 3 public primary certification authority - g4
  •  verisign class 3 public primary certification authority - g5
  •  verisign class 3 public primary certification authority - g5 - non standard
  •  verisign class 3 secure intranet server ca
  •  verisign class 3 secure ofx ca - g3
  •  verisign class 3 secure server ca - 29may08
  •  verisign class 3 secure server ca - g2
  •  verisign class 3 secure server ca - g3 (verisign class 3 public primary certification authority - g5,ou=(c) 2006 verisign\)
  •  verisign class 4 public primary ca
  •  verisign class 4 public primary certification authority - g2
  •  verisign class 4 public primary certification authority - g3
  •  verisign universal root certification authority
  •  verisign-managedpki-premiumssl-intermediate
  •  verisignclass1ca
  •  verisignclass1g2ca
  •  verisignclass1g3ca
  •  verisignclass2ca
  •  verisignclass2g2ca
  •  verisignclass2g3ca
  •  verisignclass3ca
  •  verisignclass3g2ca
  •  verisignclass3g3ca
  •  verisigntrustnetwork-19may2018

For information on how to use these certificates for specific protocols, view the Email Encryption Guide.

You must to post a comment.
Last Modified
07:06, 13 Oct 2014

Tags

This page has no custom tags.
Current Page ID: 865

Feedback Tell Us What you Think.png