TLS and its predecessor, Secure Sockets Layer (SSL), are often both referred to as SSL.
The data migration service communicates over TLS and requires your legacy environment to have a TLS certificate. The certificate must be signed and trusted by a third-party root certificate authority. You can't use the data migration service if your email server has a self-signed certificate.
For more information on SSL, go to SSL connections overview.
Before you begin
When you create your certificate, we recommend that you:
- Change the default size of your key ring from 512 to 2,048 bits.
- Complete optional fields, like city or locality, when you create your key ring. Some certificate authorities require this information.
- If your certificate authority provides both trusted root and intermediate certificates, install both types of certificates into the key ring before you merge your actual certificate.
Set up your certificate
Use a TLS certificate verifier to verify the installation and signing of the TLS certificate. If the TLS certificate is trusted, the verifier displays a successful connection message. It includes details about the TLS certificate and trusted internet root authority. If the certificate isn't trusted, the verifier displays a warning message.
Note: If you're checking the certificate of an IMAP server, specify port 993 in the verifier. For example, mail.example.com:993.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.