Setting up Secure Emails

As a system administrator, you set up your system to send secure emails using TLS to secure the SMTP connection. This functionality is available in the Automation Engine and certain Agents.

Important!

  • Using TLS to secure the SMTP connection requires a certificate. Make sure that it is available in the UC_TRUSTEDCERTS Storage object in Client 0, see UC_TRUSTEDCERTS Storage Object.

  • Not all Agents support sending secure emails. Agents that support SMTP but not SMTPS ignore the keys that are relevant for TLS. If they are able to send emails, they do so using the PLAIN protocol, the definition of the SMTP_SERVER key and the default SMTP_PORT definition (25), which secures backward compatibility with Agents that do not support sending secure emails.

    The table below shows which Agents support sending (secure) emails.

    Agent

    Send Email

    Send Secure Email

    BS2000 NO NO
    Database Agents YES YES
    JMX YES YES
    NSK NO NO
    AS/400 NO NO
    PeopleSoft YES YES
    Rapid Automation YES YES
    SAP YES YES
    UNIX: IBM AIX, Linux x64 and PowerPC 64 LE YES YES
    UNIX: Other YES NO
    VMS YES NO
    Windows YES YES
    z/OS NO NO

Establishing an email connection is the main requirement for the Automation Engine or an Agent to send emails - secure or not - to a user. To set it up, have to make sure that SMTP is configured to match your needs. The correct configuration depends on how do you want your system to send emails via the Notification (CALL) object or using the SEND_MAIL script function.

More information:

When you use a Notification (CALL) object, you can only set up one SMTP server. You can configure it using the SMTP Parameters of the UC_CLIENT_SETTINGS variable, see SMTP Parameters.

When you use the SEND_MAIL script function, you can use the same SMTP Parameters, or, if you want to set up more than one SMTP server with different configuration, you can use the UC_SMTP_MYSERVER variable, defining one variable for each server (for example, UC_SMTP_MYSERVER1, UC_SMTP_MYSERVER2), see UC_SMTP_MYSERVER - SMTP Variable.

The UC_SMTP_MYSERVER variable overrides the UC_CLIENT_SETTINGS if it is called when using the SEND_MAIL script function. The server name you define for each variable must match the MYSERVER parameter used in the SEND_MAIL script function.

Both variables (SMTP Parameters and UC_SMTP_MYSERVER) support the same SMTP parameter definitions. To secure the connection in either variable, do the following:

  • Log into the relevant Client and, depending on the option that you want to implement, open either the UC_CLIENT_SETTINGS or the UC_SMTP_MYSERVER variable, see SMTP Parameters or UC_SMTP_MYSERVER - SMTP Variable, respectively.

  • Make sure you define the SMTP_SERVER and SMTP_FROM_ADDR keys, as the are always mandatory.

  • On the SMTP_PROTOCOL key, define the protocol that you want to use for the communication:

    • STARTTLS Sends emails through an opportunistic TLS connection.

    • TLS Sends emails through a forced TLS connection.

    Note: Selecting either of the TLS protocols makes defining the SMTPS_CERT key mandatory.

  • Use the SMTPS_CERT key to point to the certificate that you want to use. Make sure that the relevant certificate has been uploaded to the UC_TRUSTEDCERTS Storage object in Client 0, see UC_TRUSTEDCERTS Storage Object.

See also: