TLS issue on Exchange 2010

Mutogi
Experts,

I have an Exchange 2010 server that is really in need of SSL and TLS support, and everywhere I look I'm spinning in circles trying to wrap my head around this.

I've already had ActiveSync clients working and Exchange connecting. What, where and how can I fix this?


test stage and result

[000.134]       Connected to server
[000.211]  <--  220 myserver.home.LOCAL Microsoft ESMTP MAIL Service ready at Thu, 24 May 2012 11:25:44 -0500
[000.212]       We are allowed to connect
[000.212]  -->  EHLO checktls.com
[000.296]  <--  250-myserver.home.LOCAL Hello [8.8.8.4]
                250-SIZE
                250-DSN
                250 AUTH NTLM
[000.297]       We can use this server
[000.297]       TLS is not an option on this server
[000.297]  -->  MAIL FROM: <test@assuretls.checktls.com>
[000.380]  <--  250 2.1.0 Sender OK
[000.380]       Sender is OK
[000.381]  -->  RCPT TO: <myemail@email.com>
[000.467]  <--  250 2.1.5 Recipient OK
[000.467]       Recipient OK, E-mail address proofed
[000.468]  -->  QUIT
[000.551]  <--  221 2.0.0 Service closing transmission channel
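The EHLO reply in the test above lists SIZE, DSN and AUTH NTLM but no STARTTLS keyword, which is why the tester reports "TLS is not an option on this server". The following is an added example, not part of the original thread: a Python parser that makes that check explicit. The second reply string, the function names and the `probe.example` HELO name are constructed for illustration.

```python
import smtplib

# EHLO reply copied from the test transcript in the question.
EHLO_FROM_QUESTION = ("250-myserver.home.LOCAL Hello [8.8.8.4]\r\n"
                      "250-SIZE\r\n250-DSN\r\n250 AUTH NTLM\r\n")
# Constructed sample: the same reply with STARTTLS advertised.
EHLO_CONSTRUCTED_TLS = ("250-myserver.home.LOCAL Hello [8.8.8.4]\r\n"
                        "250-SIZE\r\n250-STARTTLS\r\n250 AUTH NTLM\r\n")


def parse_ehlo(reply):
    """Parse a multiline EHLO reply into {KEYWORD: [params]}."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " the final line.
        if code != "250" or sep not in ("-", " ", "") or (sep == "-") == last:
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        words = text.split()
        if i == 0 or not words:
            continue  # first line is the server greeting, not an extension
        extensions[words[0].upper()] = words[1:]
    return extensions


def assess(reply):
    """Return findings about transport security for one EHLO reply."""
    ext = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised: session stays in cleartext")
        if "AUTH" in ext:
            findings.append("AUTH %s offered without TLS" % ",".join(ext["AUTH"]))
    return findings


def probe(host, port=25, helo="probe.example"):
    """Live check against a server you administer (HELO name is an assumption)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo(helo)
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    for name, reply in [("question", EHLO_FROM_QUESTION), ("constructed", EHLO_CONSTRUCTED_TLS)]:
        print(name, assess(reply) or "STARTTLS advertised")
```

Re-running `assess` on a fresh EHLO capture after the certificate and Receive Connector changes confirms whether the server now offers STARTTLS.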
Have you installed the correct third-party endorsed UCC/SAN SSL certificate on the Exchange server? Have you enabled it on the necessary services, i.e. SMTP, IIS, etc.?
Mutogi (IT Manager, Author) commented:
I'm not 100% sure how to check, have a standard SSL for Exchange from GoDaddy?

Thx
1. Open your Exchange Management Console (EMC) and expand your navigation panel on the left.

2. Highlight the "Server Configuration" container and look at the details pane on the right, under the "Exchange Certificates" tab.

3. Locate the SSL certificate that is _not_ self-signed and is valid for the SMTP/IIS services.

4. Right-click that certificate and choose "open".

5. On the "Details" tab of the certificate, locate the "subject" field and the "subject alternative name" field. Note all the domain names. They should include your public domain name, your AD domain name, FQDN hostname, etc.
http://namitguy.blogspot.com/2010/03/exchange-2010-san-ucc-certificates.html

http://www.digicert.com/ssl-certificate-installation-microsoft-unified-communications.htm

Here's a good wizard:
https://www.digicert.com/easy-csr/exchange2007.htm

Note: a "standard SSL" certificate will not work with Exchange. You need to identify and secure multiple subject names / subject alternative names such as "mailserver.mydomain.com"  "mailserver.mydomain.local"  "mydomain.com"  "autodiscover.mydomain.com"  etc.

Do you want to enable TLS for SMTP?

If yes, then you need to enable it on the Receive Connector, on the "Authentication" tab.

Let me know if you need more details.


~ Singh
Mutogi (IT Manager, Author) commented:
Thanks neilpage99, I'll get this implemented and check back with you guys.
Mutogi (IT Manager, Author) commented:
Tiny bit for info needed, harder to get an SSL for TLS than I thought, thanks!
