TLS and its predecessor, Secure Sockets Layer (SSL), are often both referred to as SSL.
The data migration service communicates over TLS and requires your source account to have a TLS certificate. A third-party root certificate authority (CA) must sign and trust the certificate. If your email server has a self-signed certificate, you can't use the data migration service.
Before you begin
When you create your certificate, we recommend that you:
- Change the default size of your key ring from 512 to 2,048 bits.
- Complete optional fields, like city or locality, when you create your key ring. Some CAs require this information.
- If your CA provides both trusted root and intermediate certificates, install both types of certificates into the key ring before you merge your actual certificate.
Step 1: (Optional) Create your certificate
You can usually purchase and manage TLS certificates from your domain host. If you use a TLS certificate from another company, you might need to generate a Certificate Signing Request (CSR). This request helps provide third-party certificate issuer information to your domain host so you can install the TLS certificate.
Step 2: Set up your certificate
Make sure your server is set up to allow TLS 1.2 connections.
Use a TLS certificate verifier to inspect the installation and signing of the TLS certificate. For example, DigiCert offers an SSL Certificate Checker. If the TLS certificate is trusted, the verifier displays a successful connection message. It includes details about the TLS certificate and trusted internet root authority. If the certificate isn't trusted, the verifier displays a warning message.
Note: If you're checking the certificate of an IMAP server, specify port 993 in the verifier. For example, mail.example.com:993.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.