Configuration for Inbound emails and Certificates for TLS on Exchange 2003

We were asked to enable TLS for one customer so I read a few guides on configuring TLS on Exchange 2003 and so far Ive got it working Outbound as far as I can tell. Ive got my SMTP Connector setup to send emails through a Virtual server with the Certificate installed on etc and emails seem to make their way out of the queue with TLS enabled so I assume it must be working?
My questions are more related to inbound emails and what the SMTP certificate should be called. Currently the certificate we bought simply has the name of the server. It does not have the internal domain or the FQDN.
Currently the certificate is as follows:

SERVERNAME

Using hotmail.com as an example can someone clear up what the certificate should have on it? The mx certificate is mx1.hotmail.com (again thats an example :P)  so what should the TLS certificate be called?  SERVERNAME.hotmail.com? Or something else?
As for inbound emails, because I want to leave the regular SMTP Virtual server working for all other emails from other domains I assume I will have to setup a separate IP to receive inbound emails? They will only be coming in from one customer so Im assuming the emails have to come in the same way they went out which is through the TLS enabled Virtual Server?
Phal44Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kcoectCommented:
If I remember correctly, the certificate name should match the FQDN of the server that the remote user is communicating with.  For example, if your domain is widgets.com and your server name is email, then the server would answer an SMTP connection HELO or EHLO with

email.widgets.com

That's what your certificate would need to be set too.  This is because the sender would then attempt to verify that the certificate for email.widgets.com was valid (via Verisign, Thought, Network Solutions, etc...)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Phal44Author Commented:
So the server name is nothing to do with the usual mx record available to the public but is actually the internal domain/network name?

So does the inbound mail need to be routed directly to the Virtual Server that has TLS enabled? Or can it come in through the usual mail delivery route?
0
Phal44Author Commented:
Still not sure how the inbound emails need to be arranged.

When receiving TLS emails, do they need to come through the Virtual Server with TLS enabled? Or can the regular Virtual Server receive TLS emails even if TLS isnt enabled on there?
0
Phal44Author Commented:
Well... Im still not 100% about how the inbound email has to be configured but after doing some testing Im more like 95% sure :P

Ive ended up configuring new IPs to receive TLS SMTP traffic separately from the regular SMTP trafic.

Thanks for the help KCoect :) even if it was only part of the question :P  lol
0
Phal44Author Commented:
TLS mail now working using separate IP to receive whilst the regular SMTP traffic continues as usual
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.