How to Setup/install TLS on SBS 2003 Server

Posted on 2006-05-21
Last Modified: 2012-06-27
Hello All,

I have a client that is being required by one of their clients to use TLS for their emails between them. Here are the questions.

1. If we set up TLS on Exchange, will everyone who sends email to us have to use it?

2. With the expected answer to 1 being NO, what is the best way to set up TLS on SBS 2003?

3. Since we are being required to have TLS from only one client, should we use a self-signed certificate and/or is there an inexpensive method of getting a public (key) Certificate?

Ray Traeger
Question by:rtraeger
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    What is TLS?
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    Do you mean Transport Layer Security?

    This KB article will explain:

    However, it is not recommended to use POP3 on an SBS because it uses a fair amount of resources.  (It's generally insecure, but with TLS, that wouldn't be the case... it'll just eat up more resources).

    The reason for not using it on an SBS is because there are two methods to securely retrieve email without having to add anything extra.  Either Outlook Web Access (via SSL) or RPC over HTTPS (which is already preconfigured on your SBS).


    Author Comment

    Jeff (Techs Easy),

    Yes, I do mean Transport Layer Security.

    I may have not clearly explained the issue. This is the request we received from a client who sends email to us and receives email from us.

    “In a continuing effort to be pro-active on the privacy of our customers, we are initiating an Email Encryption policy on all "incoming and outgoing" emails with our Vendors (we are a vendor). In order to address the "high volume vendors" first, your Firm has been identified as one that will need to comply with the Encryption requirements on a top priority basis. It is possible, and highly probable that your email Server already has the software requirements and Certificate to support compliance initiative.

    Our simple requirements for TLS to work are as follows:  

    Your system must be using a TLS (Transport Layer Security) Certificate*. If your Certificate is self-signed, We will need a copy of the Public Key to perform certificate validation.  

     * Note:  Because encryption is used in TLS communications, the Certificate used to represent the local Email Firewall server in all TLS negotiations and the private key that is associated with this certificate must exist in the Email Firewall database. Exactly ONE certificate and key pair is needed. The Email Firewall Relay does not support the use of multiple local server certificates for TLS. The same certificate and key pair is used by all Email Firewall Relay services that are using the same database.”

    With this being the case we are not sure how or what we need to set up.

    R. Traeger
    LVL 74

    Accepted Solution

    Ah... I see... what a RPITA!

    Basically what they are saying is that you need to be using an SSL certificate.  By default, if you've run the CEICW (Configure Email and Internet Connection Wizard) on your SBS then it's generated a self-signed certificate.  Apparently you would need to give them the Public Key.  I would just send them the certificate and let them deal with it.  It's located at C:\ClientApps\SBScert\sbscert.cer and you can just zip it and attach it to an email for them to install wherever they like.

    This should not affect any users on your side at all... but if it does, ask them for detailed instructions on how they want things configured.  Because, really... if it's their requirement, they should be much clearer on what they would like to have done.
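
Added example, not part of the original thread or of the answer above: a Python check that the mail server advertises STARTTLS and that the certificate it presents on SMTP is the same one exported to `sbscert.cer`, compared by SHA-256 fingerprint, since a self-signed certificate cannot be validated against a CA. The host name `mail.example.com` and the function names are assumptions made for illustration.

```python
import hashlib
import smtplib
import ssl


def cer_to_der(data: bytes) -> bytes:
    """Return DER bytes from a .cer export (binary DER or Base64/PEM)."""
    if b"PRIVATE KEY" in data:
        # Only the public certificate should ever leave the server.
        raise ValueError("file contains a private key; do not send it")
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Require STARTTLS in the EHLO reply and fingerprint the served cert."""
    # CA validation is switched off on purpose: trust comes from comparing
    # the fingerprint with the exported file (pinning), not from a CA chain.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not advertise STARTTLS")
        smtp.starttls(context=ctx)
        return fingerprint(smtp.sock.getpeercert(binary_form=True))


def matches_export(host: str, cer_path: str) -> bool:
    """True if the certificate served on SMTP equals the exported .cer."""
    with open(cer_path, "rb") as fh:
        expected = fingerprint(cer_to_der(fh.read()))
    return served_fingerprint(host) == expected


if __name__ == "__main__":
    import sys
    # Usage (placeholder host): python check_smtp_cert.py mail.example.com sbscert.cer
    print("match" if matches_export(sys.argv[1], sys.argv[2]) else "MISMATCH")
```

The receiving party can run the same comparison against the file they were sent, which is the certificate validation their request describes for self-signed certificates.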


    Author Comment

    What is RPITA?
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
