  • Status: Solved
  • Priority: Medium
  • Security: Public

How do I force TLS encryption from one Exchange 2007 server to another?

I understand from http://www.microsoft.com/exchange/2010/en/us/exchange-2007-features.aspx that TLS is enabled by default for server-to-server traffic.

I also read "SSL certificates are installed by default in Exchange Server 2007, enabling broad use of SSL and TLS encryption from clients such as Outlook Web Access and other SMTP servers."

I am unclear on a couple items:
1. Must I purchase 3rd party certificates?
2. Must I purchase a 3rd party certificate for both servers?
3. What is needed to encrypt data between the (full blown) Outlook client and its own Exchange Server (and then the remote domain)?
4. Is there a good step-by-step for forcing TLS Exchange 2007 to Exchange 2007 encryption?
(other than this one: http://technet.microsoft.com/en-us/library/bb123543%28EXCHG.80%29.aspx)

Asked by: kblumen
1 Solution
 
Julian123 Commented:
No, you don't need to purchase 3rd party certificates for Exchange to Exchange encryption in your org. There are certificates automatically provided by your Active Directory infrastructure and since your Exchange servers are both members of the domain they trust the certificates.

For encryption between Exchange and Outlook within the org, encryption is automatic. If you are using Outlook Anywhere to allow Outlook clients to connect without VPN, then you do need to purchase a 3rd party certificate.

Also, the article you mentioned is fine for encryption info.
 
kblumen (Author) Commented:
This is to another organization outside of my forest completely. A separate company. I need to force all mail to and from this organization to be encrypted.
 
kblumen (Author) Commented:
Also... My clients do connect with Outlook Anywhere (RPC over HTTPS) without a VPN. Where would the certificate be installed if it is already in place? I am new to this organization.

 
kblumen (Author) Commented:
I do see on my front-end Exchange servers that a certificate is installed in the RPC directory. I do not see where that certificate lives on my laptop. Can anyone help me understand what I am missing?

Thanks.
 
kblumen (Author) Commented:
When checking out my Trust Root Certificate Authority on my laptop, the certificate for our organization does not contain (.com) after our domain name. Is this the certificate that Outlook Anywhere uses? I would have guessed it would have the .com top-level domain in the subject.
 
kblumen (Author) Commented:
So must I buy 3rd party certificates for both servers?
 
Julian123 Commented:
Yes, you need 3rd party certs for both your server and the one for the other organization. The certificate that is installed on your server can be used for both TLS connections and Outlook Anywhere.
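One way to force TLS with a single outside organization on Exchange 2007 is the Domain Security (mutual TLS) feature, sketched here in the Exchange Management Shell. This is an added example, not part of the original thread; `partner.example` and both connector names are placeholders to replace with your own values.

```powershell
# Added example: Exchange Management Shell (Exchange 2007).
# Placeholders, not values from this thread:
$partner       = 'partner.example'          # the other company's SMTP domain
$sendConnector = 'Internet'                 # your outbound Send connector
$recvConnector = 'EDGE01\Internet Receive'  # your inbound Receive connector

# 1. Confirm a certificate is enabled for SMTP. For mail crossing to another
#    company it must chain to a CA the partner trusts, so IsSelfSigned
#    should be False and NotAfter should be in the future.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' } |
    Format-List Thumbprint, Subject, CertificateDomains, IsSelfSigned, NotAfter

# 2. Add the partner to the organization's domain-secure lists. These are
#    multi-valued settings, so read the current entries and append rather
#    than overwrite them.
$cfg  = Get-TransportConfig
$send = @($cfg.TLSSendDomainSecureList    | Where-Object { $_ } | ForEach-Object { "$_" })
$recv = @($cfg.TLSReceiveDomainSecureList | Where-Object { $_ } | ForEach-Object { "$_" })
if ($send -notcontains $partner) { $send += $partner }
if ($recv -notcontains $partner) { $recv += $partner }
Set-TransportConfig -TLSSendDomainSecureList $send -TLSReceiveDomainSecureList $recv

# 3. Outbound: domain security needs DNS routing and STARTTLS on the connector.
Set-SendConnector $sendConnector -DomainSecureEnabled $true `
    -DNSRoutingEnabled $true -IgnoreSTARTTLS $false

# 4. Inbound: require mutual TLS for domain-secure senders. -AuthMechanism
#    replaces the existing value, so list every mechanism the connector
#    still needs alongside TLS.
Set-ReceiveConnector $recvConnector -DomainSecureEnabled $true -AuthMechanism TLS

# 5. Read the settings back.
Get-TransportConfig | Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
Get-SendConnector $sendConnector |
    Format-List Name, DomainSecureEnabled, DNSRoutingEnabled, IgnoreSTARTTLS
Get-ReceiveConnector $recvConnector |
    Format-List Name, DomainSecureEnabled, AuthMechanism
```

The other organization applies the same steps with your domain in its lists.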