Exchange 2003 & TLS

Posted on 2006-05-03
Last Modified: 2008-02-20
Hi All

I'm trying to set up TLS for a specific domain and seem to have run into a couple of problems. I've installed a cert on the server (self-signed, not from a CA). When I connect via telnet I see:


So I know it'll handle TLS (I think). I then created an SMTP Connector for the specific domain that I want to send TLS mail to and set "requires TLS" in the Outbound Security tab. On the receiving computer I followed the same procedure, installed a cert (self-signed once again) and tested the virtual server. From what I can tell everything is set up properly.

When I send a message to that domain I can see the message in the outgoing queue sitting in a retry state. If I delete the message with an NDR, I get the following message:

This message was rejected due to the current administrative policy by the destination server.  Please retry at a later time.  If that fails, contact your system administrator.

Am I missing something? Are there any other settings I need to look at? Since I'm going over the internet do I need to have certs that are signed by a trusted CA?

Thanks for the help.

Question by: burtco013

Accepted Solution

    As you are using self-signed certificates, have you installed the certificate on the other server?
    TLS, like all SSL traffic, works on a basis of trust. If you are using a certificate that is not trusted by the sending server, then the system will fail.

    Ideally you should be using a purchased SSL certificate. I use RapidSSL for my certificate deployments and it works very well. The same certificate can be used for OWA, OMA, EAS, RPC over HTTPS, TLS, etc. You just have to ensure that the common name is the same name that you are using to address the server, or get a wildcard certificate.
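The accepted answer names the two things the sending side checks before it will deliver over TLS: that the receiving server's certificate chains to something it trusts, and that the name in the certificate matches the name it used to connect. The script below is an added example, not part of the original thread and not Exchange code: it performs the same checks from a workstation against an SMTP server that advertises STARTTLS, so you can see which of the two fails before touching the connector. The hostname `mail.example.net`, the CA file argument and the sample certificate dictionary are assumptions for illustration; `cafile` is where you would point at the exported PEM of the remote self-signed certificate, which is what "installing the certificate on the other server" amounts to for a client.

```python
"""Report whether a remote SMTP server's STARTTLS certificate would be trusted.

Added example (not from the original post). Hostnames, file names and the
sample certificate below are assumptions for illustration only.
"""
import smtplib
import ssl
from typing import Optional


def cert_names(cert: dict) -> list:
    """Collect the DNS names a peer certificate asserts: SAN dNSName entries
    first, then the subject commonName. Older self-signed certificates, like
    the ones in the question, frequently carry only a CN, and that CN is
    often the machine name rather than the public mail host name."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def name_matches(cert_name: str, hostname: str) -> bool:
    """Match a certificate name against the connected hostname: exact
    (case-insensitive) match, or a wildcard that replaces only the whole
    leftmost label, e.g. *.example.net matches mail.example.net but not
    example.net or a.b.example.net."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if cert_name == hostname:
        return True
    if cert_name.startswith("*."):
        suffix = cert_name[1:]  # ".example.net"
        prefix = hostname[: -len(suffix)] if hostname.endswith(suffix) else ""
        return bool(prefix) and "." not in prefix
    return False


def names_ok(cert: dict, hostname: str) -> bool:
    """True if any name in the certificate matches the hostname we dialled."""
    return any(name_matches(n, hostname) for n in cert_names(cert))


def starttls_trust_check(host: str, port: int = 25, cafile: Optional[str] = None,
                         timeout: float = 10) -> dict:
    """Open an SMTP session, issue STARTTLS and record what a sending MTA would
    decide. `cafile` is a PEM file holding the remote server's self-signed
    certificate (or its issuing CA); with None the OS trust store is used."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False          # name check is done below so we can report it separately
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain check still enforced by the handshake
    result = {"host": host, "starttls": False, "chain_trusted": False,
              "name_ok": False, "names": [], "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                result["error"] = "server does not advertise STARTTLS"
                return result
            result["starttls"] = True
            smtp.starttls(context=ctx)   # raises SSLCertVerificationError if the chain is untrusted
            result["chain_trusted"] = True
            cert = smtp.sock.getpeercert()
            result["names"] = cert_names(cert)
            result["name_ok"] = names_ok(cert, host)
    except ssl.SSLCertVerificationError as exc:
        result["error"] = "certificate not trusted: " + exc.verify_message
    except (smtplib.SMTPException, OSError) as exc:
        result["error"] = str(exc)
    return result


def would_deliver(result: dict) -> bool:
    """A connector that requires TLS delivers only if both checks pass."""
    return result["chain_trusted"] and result["name_ok"]


# Constructed sample: a self-signed Exchange certificate whose CN is the
# server's internal name. Even once it is trusted, a connector addressing
# mail.example.net would still fail the name check on this certificate.
SAMPLE_SELF_SIGNED_CERT = {
    "subject": ((("commonName", "EXCH01"),),),
    "issuer": ((("commonName", "EXCH01"),),),
}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.net"  # assumed hostname
    pem = sys.argv[2] if len(sys.argv) > 2 else None
    outcome = starttls_trust_check(target, cafile=pem)
    print(outcome)
    print("would deliver over required TLS:", would_deliver(outcome))
```

Run it once without a CA file to reproduce the "not trusted" failure the answer describes, then again with the remote server's exported certificate as the second argument; if `chain_trusted` flips to true but `name_ok` stays false, the certificate's common name does not match the name in the connector, which is the other condition the answer calls out.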
