Skip to main content
Matrix42 Self-Service Help Center

Mail Gateway Integration X: User Based Certificate Authentication

Requirements

Import Root CA Certificate

  • Open certlm.msc on your Mail Gateway server
  • Expand Trusted Root Certificate Authorities
  • Right-Click Certificates
  • Select All Tasks
  • Select Import
  • Click Next
  • Click Browse
  • Select your Root CA Certificate
  • Click Next
  • Click Next
  • Click Finish
  • Confirm with Yes
  • Close with OK

Import Intermediate Certificate (Optional)

  • Expand Intermediate Root Certificate Authorities
  • Right-Click Certificates
  • Select All Tasks
  • Select Import
  • Click Next
  • Click Browse
  • Select your Intermediate CA Certificate
  • Click Next
  • Click Next
  • Click Finish
  • Confirm with Yes
  • Close with OK

Enable Certificate Authentication

SSL Settings

  • Open Internet Information Services (IIS) Manager
  • Expand your Server
  • Expand Sites
  • Click on Default Web Site
  • Double Click on SSL Settings
  • Enable Require SSL
  • Change Client certificate to Require
  • Click Apply
  • Restart IIS

Additional Steps for Windows Server 2022

  • Right Click Default Web Site
  • Click Edit Bindings
  • Double-click the https entry
  • Activate the Disable TLS 1.3 over TCP checkbox 
  • Click OK
  • Click Close
  • Restart IIS

Check Connection

  • Try to open the following URL from a workstation or from a mobile device
    • https://smg.imagoverum.com/Microsoft-Server-ActiveSync/HealthCheck.htm
  • You should be prompted for a certificate
  • Enroll a device and assign an Tag which will distribute a certificate to the device
  • On the mobile device, try to open e.g.
    • https://smg.imagoverum.com/Microsoft-Server-ActiveSync/HealthCheck.htm
  • You should be prompted for a certificate
  • Select the user certificate
  • You should now see the same results as described in Mail Gateway Integration VI: Connection Check
  • Was this article helpful?