Configure certificates

This article describes how to generate certificates to be used to encrypt the communication between Templafy Email Signature Server and Exchange Online.

  Prerequisites

  • Templafy Email Signature Server.
  • PowerShell version >= 6.1 and Administrator rights on the machine.

Overview

TLS X.509 cryptographic certificates are used to encrypt and secure the communication channels between the Templafy Email Signature Server and Exchange Online server over SMTP and Exchange Web Services. These certificates may be self-signed or issued by a Certificate Authority and packaged in a PKCS #12 archive file.

The PowerShell script below will generate the following files:

azureAppRegistrationCertificate.pfx
azureAppRegistrationCertificatePassword
smtpTlsCertificate.pfx
smtpTlsCertificatePassword
keyCredentials.txt

  Note

  • We recommend using a CA-issued certificate, which allows you to match a specific subject name.
  • Office 365 will not trust destination servers that present a self-signed certificate, or a trusted certificate with a different subject name. Be aware that self-signed certificates cannot be invalidated or revoked over time, and that they can be "lost" because they are not managed by a public key infrastructure (PKI).

Generate Certificates

  • Start PowerShell as an Administrator.
  • Download the PowerShell script.
  • You might need to run Set-ExecutionPolicy Bypass to allow the script to execute.
  • Create and navigate to a folder where the Certificate will be stored, then run the PowerShell script.
  • A strong password securing the certificates will be generated automatically by the PowerShell script.

Optional: Provide certificate password

If you would like to provide the strong password yourself, add the -PromptForPassword switch to the script invocation:

> .\generateAndExportSelfSignedCertificateAndKeyCredentials.ps1 -PromptForPassword

  Note

Provide a unique password of at least 15 characters that uses special characters, mixed case, and numbers.

Optional: Provide a pre-generated CA issued certificate in PKCS #12 archive format

If you would like to provide a pre-generated certificate, or Certificate Authority issued certificates, add the -CertificatePath <path-to-pfx-archive-file> parameter to the script invocation:

> .\generateAndExportSelfSignedCertificateAndKeyCredentials.ps1 -CertificatePath <path-to-pfx-archive-file>

  Note

The provided file must be a certificate packaged in the PKCS #12 (.pfx) archive format.
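
Before passing a pre-generated archive to -CertificatePath, it can be checked against the conditions named in this article (PKCS #12 format, not self-signed, matching subject name). The following is an added example, not part of the Templafy script; the function name Test-PfxForSmtpTls, its parameters, and the host name in the usage comment are assumptions made for illustration.

```powershell
# Added example: pre-flight check for a PFX before it is passed to -CertificatePath.
# Test-PfxForSmtpTls and its parameter names are hypothetical, not part of the Templafy script.
function Test-PfxForSmtpTls {
    param(
        [Parameter(Mandatory)] [string] $CertificatePath,
        [Parameter(Mandatory)] [string] $ExpectedSubjectName,  # assumption: the server's public host name
        [Parameter(Mandatory)] [securestring] $Password
    )

    $findings = [System.Collections.Generic.List[string]]::new()
    $fullPath = (Resolve-Path -LiteralPath $CertificatePath).Path

    # Throws if the file is not a PKCS #12 archive or the password is wrong.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath, $Password)
    try {
        if (-not $cert.HasPrivateKey) {
            $findings.Add('Archive contains no private key; a server cannot present this certificate.')
        }
        if ($cert.Subject -eq $cert.Issuer) {
            $findings.Add('Subject equals issuer: the certificate is self-signed.')
        }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $findings.Add("Outside validity period ($($cert.NotBefore) to $($cert.NotAfter)).")
        }
        # GetNameInfo returns the first DNS subject alternative name, or the CN if there is none.
        $dnsName = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
        if ($dnsName -ne $ExpectedSubjectName) {   # -ne is case-insensitive for strings
            $findings.Add("Subject name '$dnsName' does not match expected '$ExpectedSubjectName'.")
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Findings   = $findings
            Passed     = ($findings.Count -eq 0)
        }
    }
    finally {
        $cert.Dispose()   # release the key material loaded from the archive
    }
}

# Usage (path and host name are placeholders):
# Test-PfxForSmtpTls -CertificatePath .\smtp.pfx -ExpectedSubjectName 'mail.example.com' `
#     -Password (Read-Host -AsSecureString 'PFX password')
```

The check compares only the primary DNS name and does not build a trust chain, so a passing result does not by itself mean Office 365 will trust the certificate.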
