  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 907

How to Setup/install TLS on SBS 2003 Server

Hello All,

I have a client that is being required by one of their clients to use TLS for their emails between them. Here are the questions.

1. If we set up TLS on Exchange, will everyone who sends email to us have to use it?

2. With the expected answer to 1 being NO, what is the best way to set up TLS on SBS 2003?

3. Since we are being required to have TLS from only one client, should we use a self-signed certificate and/or is there an inexpensive method of getting a public (key) certificate?


TTFN
Ray Traeger
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
What is TLS?
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Do you mean Transport Layer Security?

This KB article will explain: http://support.microsoft.com/kb/823019

However, it is not recommended to use POP3 on an SBS because it uses a fair amount of resources.  (It's generally insecure, but with TLS, that wouldn't be the case... it'll just eat up more resources).

The reason for not using it on an SBS is because there are two methods to securely retrieve email without having to add anything extra.  Either Outlook Web Access (via SSL) or RPC over HTTPS (which is already preconfigured on your SBS).

Jeff
TechSoEasy
 
rtraeger (Author) Commented:
Jeff (Techs Easy),

Yes, I do mean Transport Layer Security.

I may have not clearly explained the issue. This is the request we received from a client who sends email to us and receives email from us.

“In a continuing effort to be pro-active on the privacy of our customers, we are initiating an Email Encryption policy on all "incoming and outgoing" emails with our Vendors (we are a vendor). In order to address the "high volume vendors" first, your Firm has been identified as one that will need to comply with the Encryption requirements on a top priority basis. It is possible, and highly probable that your email Server already has the software requirements and Certificate to support compliance initiative.

Our simple requirements for TLS to work are as follows:  

Your system must be using a TLS (Transport Layer Security) Certificate*. If your Certificate is self-signed, We will need a copy of the Public Key to perform certificate validation.  

 * Note:  Because encryption is used in TLS communications, the Certificate used to represent the local Email Firewall server in all TLS negotiations and the private key that is associated with this certificate must exist in the Email Firewall database. Exactly ONE certificate and key pair is needed. The Email Firewall Relay does not support the use of multiple local server certificates for TLS. The same certificate and key pair is used by all Email Firewall Relay services that are using the same database.”

With this being the case we are not sure how or what we need to setup.

R. Traeger
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Ah... I see... what a RPITA!

Basically what they are saying is that you need to be using an SSL certificate.  By default, if you've run the CEICW (Configure Email and Internet Connection Wizard) on your SBS then it's generated a self-signed certificate.  Apparently you would need to give them the Public Key.  I would just send them the certificate and let them deal with it.  It's located at C:\ClientApps\SBScert\sbscert.cer and you can just zip it and attach it to an email for them to install wherever they like.

This should not affect any users on your side at all... but if it does, ask them for detailed instructions on how they want things configured.  Because, really... if it's their requirement, they should be much clearer on what they would like to have done.

Jeff
TechSoEasy
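One way to confirm that the certificate file sent to the partner is the same one the mail server presents during STARTTLS, as an added example that is not part of the original thread. The function names, the sample EHLO reply and the use of SHA-256 fingerprints for the comparison are assumptions made for illustration.

```python
import hashlib
import smtplib
import ssl

# Constructed sample of smtplib's ehlo_resp (greeting line, then extensions).
SAMPLE_EHLO = b"mail.example.test Hello [192.0.2.10]\nSIZE 10240000\nSTARTTLS\nOK"

def cert_to_der(data: bytes) -> bytes:
    """Accept a .cer export in DER or Base64 (PEM) form and return DER bytes."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii").strip())
    return data

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER encoding as colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def offers_starttls(ehlo_reply: bytes) -> bool:
    """True if an EHLO reply (raw or as parsed by smtplib) lists STARTTLS."""
    for line in ehlo_reply.decode("ascii", "replace").splitlines()[1:]:
        kw = line.strip()
        if kw[:3] == "250" and kw[3:4] in ("-", " "):
            kw = kw[4:]  # drop the reply code of a raw wire capture
        if kw.upper().split()[:1] == ["STARTTLS"]:
            return True
    return False

def smtp_presented_cert(host: str, port: int = 25, timeout: float = 10.0) -> bytes:
    """Return the DER certificate the SMTP service presents after STARTTLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # self-signed certificate: trust is
    ctx.verify_mode = ssl.CERT_NONE   # decided by the fingerprint comparison
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not offers_starttls(smtp.ehlo_resp):
            raise RuntimeError("server does not advertise STARTTLS")
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)

def matches_exported_cert(cer_path: str, host: str) -> bool:
    """Compare the exported .cer file with what the mail server presents."""
    with open(cer_path, "rb") as fh:
        exported = fingerprint(cert_to_der(fh.read()))
    return exported == fingerprint(smtp_presented_cert(host))

if __name__ == "__main__":
    print("STARTTLS advertised in sample reply:", offers_starttls(SAMPLE_EHLO))
```

Giving the partner the `fingerprint` value through a separate channel lets them confirm that the certificate they installed is the one that was sent.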
 
rtraeger (Author) Commented:
What is RPITA!