Ins and outs of TLS?
Hello!
Have a client that is required to use TLS for accepting mail from a government agency. I have a 2003 Small Business Server Std and wonder how to implement it. Or is it already on? How do I use it? Get Exchange to use it?
As you may be albe to tell, I am not that familiar with it. I know its secure smtp over a different port (isnt it?) and just need some guidance on how to implement / configure it.
Many thanks!
Have a client that is required to use TLS for accepting mail from a government agency. I have a 2003 Small Business Server Std and wonder how to implement it. Or is it already on? How do I use it? Get Exchange to use it?
As you may be albe to tell, I am not that familiar with it. I know its secure smtp over a different port (isnt it?) and just need some guidance on how to implement / configure it.
Many thanks!
Adam Brown
TLS doesn't run over a separate port for SMTP. Basically what happens in a TLS SMTP transaction is when the two servers communicate with one another, the sending server issues a STARTTLS command to the receiving server. If this command succeeds, the transaction begins to be secured using the server certificate that is assigned to the server, much like HTTPS is secured with SSL. You have to configure it to work with Exchange 2003. I haven't worked with 2003 in a *long* time so I don't know the specifics, but I think you have to create a new send connector that requires TLS to communicate with the government organization. http://www.networkworld.com/news/2007/011807-tls1.html has a lot of information about TLS and how to implement it with Exchange 2003. Note that there are 5 parts to it, so read the first and at the bottom of that there are links to 4 more articles.
ASKER
Does the incoming still travel over port 25? I dont have the SBS multihoned and is behind a firewall. Along with 25, 443 is sent to the SBS.
I think they already have a cert from Godaddy. I suspect I can use that one?
I think they already have a cert from Godaddy. I suspect I can use that one?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
they do have a cert, but I think it was selfsigned. That still ok to use?
It's not preferred. You might get some error messages in your event logs regarding the certificate if you use that one, but the TLS session should still work.
ASKER
Cert from godaddy installed and seems to be up and running AOK! Thanks!