Exchanging the TLS certificates

Connectors

It may be necessary to exchange the TLS certificates used for connectors. This is the case, for example, when the TLS certificates are about to expire. To replace them, proceed as follows:

  1. Import the new TLS certificate and the private key into the Windows certificate stores of all computers on which a Gateway Role is installed.

  2. In the certificate store, right-click the imported TLS certificate and select All Tasks > Manage Private Key.

  3. Add the Gateway Role via Add > Object Name "nt service\NoSpamProxyGatewayRole" and give it read permissions on the key.
  4. (If the Gateway role and Intranet role are installed on different computers) In addition, import the public key to the computer on which the Intranet Role is installed.
  5. Restart the respective services.
  6. Go to Configuration > Email Routing, open the desired connector and select the new certificate.

NOTE: After the selection, you will be prompted to restart the respective gateway services concerned so that they can use the set authorisation on the private key.

Web Portal

  1. Import the new TLS certificate and the private key into the Windows certificate stores of all computers on which a Gateway Role is installed.
  2. Open the Internet Information Services (IIS) Manager and open your server.
  3. Go to Sites > Default Web Site.
  4. Go to the menu on the right and go to Actions > Edit Site > Bindings.
  5. Edit your 443 binding and replace your old TLS certificate via the drop-down menu SSL certificate.

NOTE: If the change does not take effect directly, restart your IIS server via the command line with the command iisreset.

Web App

  1. Import the new TLS certificate and the private key into the Windows certificate store of the computer on which your Intranet Role is installed.
  2. Open the NoSpamProxy Command Center.
  3. Go to Configuration > NoSpamProxy Components > NoSpamProxy Web App and click Edit.
  4. Check the details on the Connection page for accuracy and then click Next.
  5. On the Certificate page, replace your old certificate by clicking Select Certificate and selecting the new certificate.
  6. Click Finish and restart.