Configure the SEG V2 for KCD using the UEM console.

Prerequisites

  1. You must have installed and configured SEG.
  2. Upload a single trust certificate for KCD using the UEM console. This certificate is used to validate the client certificate. If additional certificates are needed, then they must be added manually to the SEG configuration. See Update Secure Email Gateway v2 Configuration for Multiple Certificates Trust.
    Note: The supported certificate types are .p12, .pfx, and .cer.

Procedure

  1. Navigate to Email > Email Settings > Advanced.
  2. Deselect the Use Recommended Settings check box.
  3. Select Upload from the Client Certificate Chain and then click Choose File to upload the certificate chain used to issue client certificates.
    Note: The result is a certificate chain that begins at the trusted root CA, through the intermediate and ending with the SSL certificate issued to you. The supported certificate types are .p12, .pfx, and .cer.
  4. Click Enable from the Require Client Certificate to enable the client certificate if it is a security requirement.
  5. Click Enable to enable KCD Authentication.
  6. From the KCD Authentication menu, select Target SPN text box and enter the Target SPN in HTTP/{exchangeName} format. For example, HTTP/mobilemail.worldwide.com
  7. Select Service Account User Name and enter the name of your Service Account. For example, SVC_awseg.
  8. Select Service Account Password and enter the password for your Service Account.
  9. Select Add Domain.
    The Add Domain menu item displays the Domain and Domain Controller text boxes.
    1. Select the Domain text box and enter the domain name.
      Note: The domain name is case-sensitive and must be entered in uppercase. For example, DOMAIN-NAME.COM.
    2. Select the Domain Controller text box and enter the domain controller server name. For example, DC.DOMAIN-NAME.COM.
      The domain and domain controllers must be added in pairs and all domains must have trust with the primary domain.
  10. Click Save and restart the SEG service.
    Note: If you modify these settings after the SEG installation, you must reinstall SEG.