Feature Spotlight: Automated TLS Encryption with Certificates from Let’s Encrypt ™

When we announced the release of MailStore Server 12 three weeks ago, we felt that one innovation was particularly worthy of note, namely automated support of the digital certificates provided by the independent certificate authority Let’s Encrypt, which offers digital certificates for Transport Layer Security encryption (TLS encryption) free of charge. With this service, we are providing customers with a simple and effective means to automatically receive and renew official, trusted certificates so that they can build a safe and secure environment. Where required, MailStore Server can help administrators request and configure Let’s Encrypt certificates during installation itself. What is more, the software takes care of certificate renewal itself so that MailStore Server always has a valid certificate. Alternatively, administrators can use the Installer to create self-signed certificates or access existing certificates, as before.

Björn Meyn, Product Manager at MailStore, answers three questions on our new support option for Let’s Encrypt

Why is encryption important and why does MailStore intend to use certificates from Let’s Encrypt?

“Basically, encryption helps to prevent unauthorized third parties from gaining access to sensitive data. So, for example, data stored in MailStore Server has always been archived in encrypted form. But the option of encrypted data transfers, which has just become even simpler in Version 12 thanks to support from Let’s Encrypt, also has a long tradition in MailStore Server. ‘Simplicity’ is the name of the game here‚ and we chose Let’s Encrypt because they offer a simple means of generating trusted certificates automatically for use in the MailStore Server environment. This means that security-critical data such as user IDs and passwords, as well as email content, can be encrypted and made inaccessible to third parties when the archive is being accessed from a mobile device – even in unprotected networks. So accessing archived emails is safer – even in unprotected networks or hotspots such as those found at airports or railroad stations.”

MailStore Server still provides the option of self-signed certificates. So why should an administrator opt for automated support of digital certificates?

“In the past, requesting, using and managing trusted certificates was often a time-consuming affair. The process called for users to carry out a raft of manual steps, not just in MailStore Server, and it was therefore error-prone and also relatively expensive. Self-signed certificates were a feasible way for administrators to guarantee a minimum amount of security during data transfer. But they always came with several drawbacks and were never regarded as trustworthy, which is why all modern browsers explicitly alert users to this risk. Alerts of this kind appearing in the browser or in the MailStore Outlook Add-in would justifiably be a cause for concern for archive users. Support of Let’s Encrypt in MailStore Server 12, which fully automates the process of requesting and renewing trusted certificates after initial configuration, enables MailStore administrators to provide their users with safe and secure access to archives. And the administrative time and effort does not increase compared with the use of self-signed certificates. It goes without saying that MailStore Server always monitors the outcome of certification operations and reports any problems on the dashboard and in the status reports.”

Automated support of digital certificates is another step toward creating more security in email archiving – why is this so important to MailStore?

“You have to bear in mind that a long-term email archive like the one provided by MailStore Server contains a wealth of confidential data that needs protecting. After all, email is still the no. 1 means of communicating today. In a global, networked economy where reports of security leaks and data theft feature almost daily in news bulletins, manufacturers as well as administrators and end users of commercial software solutions are increasingly sensitized to issues such as security and data protection. The complexity of these areas can be increased significantly by legislation such as the GDPR. At MailStore, we believe we have a duty to our customers to reduce these complex problems to an absolute minimum in the products we offer, wherever possible. This means that, as far as possible, we don’t want users and administrators to have to deal with the technology behind the user interface, which we’ve deliberately kept as simple as possible. Secure default settings and the automation of manual tasks that would otherwise be prone to errors (certificate management, for example) have proved to be a suitable means to offer our customers a high level of security while minimizing the administrative effort. We intend to maintain and integrate this approach in our products so that email management becomes safer and remains easy to implement as far as archiving is concerned.”

More Information

Extensive documentation on using Let’s Encrypt certificates can be found in our MailStore Help.

Version 12 of MailStore Server is available to download from the company website at zero cost for all existing customers with valid Update and Support Service agreements. Customers whose Update and Support Service agreement has expired can renew via a paid upgrade and also upgrade to the new version.

Interested companies might also want to download the version as part of a free, unlimited 30-day trial.

We generally recommend that you always use the latest software version available. Why this is important is explained here.