Set up the data migration service

3. Set up your TLS certificate

TLS and its predecessor, Secure Sockets Layer (SSL), are often both referred to as SSL.

The data migration service communicates over TLS and requires your legacy environment to have a TLS certificate. The certificate must be signed and trusted by a third-party root certificate authority. You can't use the data migration service if your email server has a self-signed certificate.

For more information on SSL, go to SSL connections overview.

Before you begin

When you create your certificate, we recommend that you:

  • Change the default size of your key ring from 512 to 2,048 bits.
  • Complete optional fields, like city or locality, when you create your key ring. Some certificate authorities require this information.
  • If your certificate authority provides both trusted root and intermediate certificates, install both types of certificates into the key ring before you merge your actual certificate.

Set up your certificate

Use a TLS certificate verifier to verify the installation and signing of the TLS certificate. If the TLS certificate is trusted, the verifier displays a successful connection message. It includes details about the TLS certificate and trusted internet root authority. If the certificate isn't trusted, the verifier displays a warning message.

Note: If you're checking the certificate of an IMAP server, specify port 993 in the verifier. For example,

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue