• Status: Solved
  • Priority: Medium
  • Security: Public

Ins and outs of TLS?

Hello!
Have a client that is required to use TLS for accepting mail from a government agency. I have a 2003 Small Business Server Std and wonder how to implement it. Or is it already on? How do I use it? Get Exchange to use it?
As you may be able to tell, I am not that familiar with it. I know it's secure SMTP over a different port (isn't it?) and just need some guidance on how to implement / configure it.

 Many thanks!
Lorenzo Cricchio
1 Solution
 
Adam Brown, Sr Solutions Architect, Commented:
TLS doesn't run over a separate port for SMTP. Basically what happens in a TLS SMTP transaction is when the two servers communicate with one another, the sending server issues a STARTTLS command to the receiving server. If this command succeeds, the transaction begins to be secured using the server certificate that is assigned to the server, much like HTTPS is secured with SSL. You have to configure it to work with Exchange 2003. I haven't worked with 2003 in a *long* time so I don't know the specifics, but I think you have to create a new send connector that requires TLS to communicate with the government organization. http://www.networkworld.com/news/2007/011807-tls1.html has a lot of information about TLS and how to implement it with Exchange 2003. Note that there are 5 parts to it, so read the first and at the bottom of that there are links to 4 more articles.
0
 
Lorenzo Cricchio, President, Author Commented:
Does the incoming still travel over port 25? I don't have the SBS multihomed and it is behind a firewall. Along with 25, 443 is sent to the SBS.
  I think they already have a cert from Godaddy.  I suspect I can use that one?
0
 
Adam Brown, Sr Solutions Architect, Commented:
All Secured SMTP traffic using TLS goes over port 25 (Unless you configure it to use a different port, which is possible). And you can use your Godaddy cert for the connection.
0

 
Lorenzo Cricchio, President, Author Commented:
They do have a cert, but I think it was self-signed. That still ok to use?
0
 
Adam Brown, Sr Solutions Architect, Commented:
It's not preferred. You might get some error messages in your event logs regarding the certificate if you use that one, but the TLS session should still work.
0
 
Lorenzo Cricchio, President, Author Commented:
Cert from godaddy installed and seems to be up and running AOK!  Thanks!
0
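
Added example (not part of the original thread, and not code from any poster): a Python check of the STARTTLS upgrade on port 25 discussed above. ehlo_extensions() parses a raw EHLO reply such as one copied from a manual session, and probe() connects to your own server, upgrades with STARTTLS and reports whether the certificate validates. The host name, address and sample reply are constructed placeholders.

```python
import smtplib
import ssl

# Constructed sample: raw EHLO reply as seen in a manual session on port 25.
SAMPLE_EHLO = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250 OK\r\n"
)

def ehlo_extensions(reply: str) -> dict:
    """Parse a raw multi-line EHLO reply into {KEYWORD: parameters}."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    exts = {}
    for line in lines[1:]:  # the first line is the server's greeting, not an extension
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        keyword, _, params = line[4:].strip().partition(" ")
        exts[keyword.upper()] = params
    return exts

def offers_starttls(reply: str) -> bool:
    return "STARTTLS" in ehlo_extensions(reply)

def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check: connect on the SMTP port, upgrade with STARTTLS, validate the certificate."""
    result = {"starttls": False, "tls_version": None, "cert_trusted": None, "error": None}
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return result  # a sender that requires TLS stops here instead of sending in the clear
        result["starttls"] = True
        try:
            smtp.starttls(context=ssl.create_default_context())
            result["tls_version"] = smtp.sock.version()
            result["cert_trusted"] = True
        except ssl.SSLCertVerificationError as exc:  # e.g. self-signed or wrong host name
            result["cert_trusted"] = False
            result["error"] = exc.verify_message
    finally:
        smtp.close()
    return result

if __name__ == "__main__":
    print(offers_starttls(SAMPLE_EHLO))
```

Running probe() against a server that presents a self-signed certificate returns cert_trusted False with the verification message in error, while starttls is still True.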
