Requirements about encryption in email gateway?

I have Exchange servers with the email gateway solution. Do I necessarily require a certificate on my servers, apart from being compatible with TLS 1.2 encryption by enabling encryption?
I understand that Sophos forwards encrypted incoming emails to the servers, but in case internal users send encrypted emails, what is the process?
  • Hello Eder,

    Thank you for contacting the Sophos Community.

    These are the types of Encryption that Central Email offers:

    • Send via TLS. This uses push-based email encryption using AES 256 during email transport. Users manage their encrypted emails with their usual email client.
    • Push Encryption. Encrypted emails are converted to PDF files and attachments are natively encrypted. These are delivered to the users' email client.
    • Portal Encryption. This delivers encrypted emails to Sophos Secure Message. Recipients manage their encrypted emails in Sophos Secure Message.

    If you select Send via TLS, you are correct: you just need to enable TLS v1.2 with the following ciphers: 'TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL'. For more information.

    But you don't need certificates on your Exchange server.


    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
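
To check that a mail server accepts what Send via TLS needs, the following added example (not Sophos code and not part of the reply above) pins a Python client to TLS 1.2 with the quoted cipher list and reports what a STARTTLS handshake negotiates. It assumes the list is in OpenSSL cipher-list syntax and that the local OpenSSL build recognises the `FIPS` alias; the function names are illustrative.

```python
import smtplib
import ssl
import sys

# Cipher list quoted in the reply above, treated here as OpenSSL cipher-list syntax.
CIPHERS = "TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL"


def build_context(cipher_string=CIPHERS):
    """Client context pinned to TLS 1.2 and limited to the given cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Assumption: this probe only reports what is negotiated; it does not
    # validate the server certificate (Exchange often presents a self-signed one).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def offered_ciphers(ctx):
    """Suite names offered for TLS 1.2; TLS 1.3 suites are not set by set_ciphers()."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3")


def probe_starttls(host, port=25, timeout=10):
    """Issue STARTTLS against host and return (protocol, cipher) actually negotiated."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError(f"{host}:{port} does not advertise STARTTLS")
        smtp.starttls(context=build_context())
        return smtp.sock.version(), smtp.sock.cipher()[0]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Probe a server you administer, e.g. the Exchange receive connector.
        print(probe_starttls(sys.argv[1]))
    else:
        # Offline: show how the local OpenSSL expands the cipher list.
        print("\n".join(offered_ciphers(build_context())))
```

A handshake failure from `probe_starttls` means the server and this cipher list have no TLS 1.2 suite in common.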