I need to enable TLS

Posted on 2008-10-03
Last Modified: 2008-10-23
I need to enable TLS for incoming and outgoing emails. I have a front end server and back end server. Which server do I need to apply the certificate for on the SMTP virtual directory?
Question by: imagnl

Expert Comment

ID: 22638775
The MS Exchange team covered this well -- see this blog

Accepted Solution

sstone55423 earned 455 total points
ID: 22638781

Here is the SMTP portion that you asked specifically about:
1) Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2) Expand Administrative Groups 1 (if appropriate), expand AdministrativeGroup (if appropriate), expand Servers, expand ServerName, and then expand Protocols.
3) Right-click the Secure SMTP VS, and then click Properties.
4) Click the Access tab, and then click Certificate to set up new key certificates and to manage key certificates that are installed for the SMTP virtual server. See the appropriate article for more details on using certificates with Virtual Servers in Exchange Server:


Expert Comment

ID: 22638783
Depending on the mail flow, it could be both.

If the front end server is the first place incoming external mail hits, and the last place outgoing external mail hits, then it's just the front end server.

If the front end server only works on the incoming external mail, and the backend server does the external SMTP connects outward, you'll need a cert on both of them.



Author Comment

ID: 22642824
Well, I followed these instructions and did it on my back end but I don't see the TLS authentication in my headers. My assumption is I need to do it on my front end then.

Also, the certificate for the TLS, should it associate to the FQDN?
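
Added example (not part of the thread or any participant's code): a Python check of the two points raised above, whether each server's SMTP virtual server advertises STARTTLS in its EHLO reply and whether the certificate's names cover the FQDN that clients connect to. The host names, EHLO replies and certificate names are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed EHLO replies (sample data, not captured from the poster's servers).
FRONT_END_EHLO = """250-mail.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-PIPELINING
250-8BITMIME
250 OK"""
BACK_END_EHLO = """250-be01.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-8BITMIME
250-STARTTLS
250 OK"""

def ehlo_extensions(reply):
    """Return the ESMTP keywords advertised in a multi-line 250 EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    exts = set()
    for line in lines[1:]:  # the first line is the greeting, not an extension
        m = re.match(r"250[- ](\S+)", line.strip())
        if m:
            exts.add(m.group(1).upper())
    return exts

def name_matches(pattern, fqdn):
    """Compare a certificate name with an FQDN; '*' may replace only the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = fqdn.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_server(fqdn, ehlo_reply, cert_names):
    """Report whether the server offers STARTTLS and whether its certificate names cover fqdn."""
    return {
        "starttls": "STARTTLS" in ehlo_extensions(ehlo_reply),
        "cert_covers_fqdn": any(name_matches(n, fqdn) for n in cert_names),
    }

if __name__ == "__main__":
    # Assumed layout: front end has no certificate bound; back end has one issued to its own name.
    print("front end:", check_server("mail.example.test", FRONT_END_EHLO, []))
    print("back end: ", check_server("be01.example.test", BACK_END_EHLO, ["be01.example.test"]))
```

A server that receives external mail but does not list STARTTLS in its EHLO reply cannot negotiate TLS with sending hosts, whatever certificate is installed on another server behind it.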

Author Comment

ID: 22649701
Any more advice on this?

Expert Comment

ID: 22661421
Not from me.  I don't have an environment to refer to on this.



Question has a verified solution.
