Set up the data migration service
3. Set up your TLS certificate
The data migration service communicates over TLS and requires your legacy environment to have a TLS certificate. The certificate must be signed and trusted by a third-party root certificate authority. You can't use the data migration service if your email server has a self-signed certificate.
Read more about TLS.
Before you begin
When you create your certificate, we recommend that you:
- Change the default size of your key ring from 512 to 2,048 bits.
- Complete optional fields, like city or locality, when you create your key ring. Some certificate authorities require this information.
- If your certificate authority provides both trusted root and intermediate certificates, install both types of certificates into the key ring before you merge your actual certificate.
Set up your certificate
Use a TLS certificate verifier to verify the installation and signing of the TLS certificate. If the TLS certificate is trusted, the verifier displays a successful connection message. It includes details about the TLS certificate and trusted internet root authority. If the certificate isn't trusted, the verifier displays a warning message.
Note: If you're checking the certificate of an IMAP server, specify port 993 in the verifier. For example, mail.mycompany.com:993.