kblumen
asked on
How do I force TLS encryption from one Exchange 2007 server to another?
I understand from http://www.microsoft.com/exchange/2010/en/us/exchange-2007-features.aspx that TLS is enabled by default for server-to-server traffic.
I also read "SSL certificates are installed by default in Exchange Server 2007, enabling broad use of SSL and TLS encryption from clients such as Outlook Web Access and other SMTP servers."
I am unclear on a couple of items:
1. Must I purchase 3rd party certificates?
2. Must I purchase a 3rd party certificate for both servers?
3. What is needed to encrypt data between the (full blown) Outlook client and its own Exchange Server (and then the remote domain)?
4. Is there a good step-by-step for forcing TLS Exchange 2007 to Exchange 2007 encryption?
(other than this one: http://technet.microsoft.com/en-us/library/bb123543%28EXCHG.80%29.aspx)
ASKER
This is to another organization outside of my forest completely. A separate company. I need to force all mail to and from this organization to be encrypted.
ASKER
Also... My clients do connect with Outlook Anywhere (RPC over HTTPS) without a VPN. Where would the certificate be installed if it is already in place? I am new to this organization.
ASKER
I do see on my front end Exchange servers that a certificate is installed in the RPC directory. I do not see where that certificate lives on my laptop. Can anyone help me understand what I am missing?
Thanks.
ASKER
When checking out my Trust Root Certificate Authority on my laptop, the certificate for our organization does not contain (.com) after our domain name. Is this the certificate that Outlook Anywhere uses? I would have guessed it would have the .com top-level domain in the subject.
ASKER
So must I buy 3rd party certificates for both servers?
ASKER CERTIFIED SOLUTION
For encryption between Exchange and Outlook within the org, encryption is automatic. If you are using Outlook Anywhere to allow Outlook clients to connect without VPN, then you do need to purchase a 3rd party certificate.
Also, the article you mentioned is fine for encryption info.