jiyamoo
asked on
TLS Exchange Setup
Hello,
I was just asked to look into getting a TLS connection established between my company and another company for the purpose of encrypting the communication between our Exchange servers.
I don't really know the protocol behind doing this, so I started doing some research. My company does not have a certificate issued to us by a third-party trusted CA, and I imagine that would be something I have to rectify -- what type of certificate exactly am I looking for? Entrust offers quite a range -- is Standard (1 domain) SSL sufficient?
We are running Exchange 2007.
Thanks
ASKER
I went to checktls.com and tried my Exchange server -- this is the result (changed domain name to WERK):
[000.135] Connected to server
[000.201] <-- 220 sl.WERK.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 5 Sep 2012 14:57:03 -0500
[000.202] We are allowed to connect
[000.202] --> EHLO checktls.com
[000.269] <-- 250-sl.WERK.com Hello [204.225.38.191]
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
[000.270] We can use this server
[000.270] TLS is not an option on this server
[000.270] --> MAIL FROM: <test@checktls.com>
[000.337] <-- 250 2.1.0 test@checktls.com....Sender OK
[000.337] Sender is OK
[000.338] --> RCPT TO: <email3@WERK.com>
[000.404] <-- 250 2.1.5 email3@WERK.com
[000.405] Recipient OK, E-mail address proofed
[000.405] --> QUIT
[000.471] <-- 221 2.0.0 sl.WERK.com Service closing transmission channel
ASKER
Wait, is Outlook 2007 required? We are still running Outlook 2003.
ASKER
Furthermore, I don't believe OWA or anything else of that nature was ever set up when the server was constructed (my predecessor did it). I just tested and while the internal OWA works, the external address is actually the address for our spam filter.
ASKER
Quick, great response.
Thanks
This guide goes through the certificate requirement:
http://exchange.sembee.info/2007/install/multiplenamessl.asp
That will be all that you need, as Exchange does opportunist TLS.
If you want to restrict so that email is ONLY received on TLS and rejects otherwise then you have to configure both a Receive Connector and a Send Connector.
http://technet.microsoft.com/en-gb/library/ee428172(v=exchg.80).aspx
Simon.
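Added example, not part of the original thread: opportunistic TLS is only attempted when the receiving server lists STARTTLS in its EHLO reply, which is what the checktls.com line "TLS is not an option on this server" reports. The Python code below parses a saved transcript in that format and checks for the keyword; the second sample host and the function names `ehlo_extensions` and `offers_starttls` are constructed for illustration.

```python
import re

# Constructed samples: NO_TLS is an abridged copy of the EHLO exchange posted in
# the thread; WITH_TLS is a hypothetical host that does advertise STARTTLS.
NO_TLS = """\
[000.202] --> EHLO checktls.com
[000.269] <-- 250-sl.WERK.com Hello [204.225.38.191]
250-AUTH GSSAPI NTLM LOGIN
250-SIZE
250-PIPELINING
250-8bitmime
250 OK
[000.270] --> MAIL FROM: <test@checktls.com>
"""
WITH_TLS = """\
[000.202] --> EHLO checktls.com
[000.269] <-- 250-mail.example.com Hello [192.0.2.10]
250-SIZE 10485760
250-starttls
250 8BITMIME
"""

# Optional "[sss.mmm] <-- " prefix, 3-digit code, '-' (more lines) or ' ' (last line).
REPLY_LINE = re.compile(r"^(?:\[[\d.]+\]\s*<--\s*)?(\d{3})([- ])(.*)$")

def ehlo_extensions(transcript):
    """Return {KEYWORD: params} from the first EHLO reply in a transcript."""
    lines = transcript.splitlines()
    start = next((i for i, l in enumerate(lines) if re.search(r"-->\s*EHLO\b", l, re.I)), None)
    if start is None:
        raise ValueError("no EHLO command in transcript")
    exts, first = {}, True
    for line in lines[start + 1:]:
        m = REPLY_LINE.match(line.strip())
        if not m or m.group(1) != "250":
            break                      # reply ended or server refused EHLO
        sep, text = m.group(2), m.group(3)
        if first:
            first = False              # first line is the greeting, not an extension
        else:
            keyword, _, params = text.partition(" ")
            exts[keyword.upper()] = params   # keywords are case-insensitive (RFC 5321)
        if sep == " ":
            break                      # "250 " (code then space) marks the final line
    return exts

def offers_starttls(transcript):
    """True when the EHLO reply advertises STARTTLS, so a sender can upgrade."""
    return "STARTTLS" in ehlo_extensions(transcript)
```

Once a certificate is installed and TLS is enabled on the receiving side, re-running the external test and feeding its transcript to `offers_starttls` should return `True`.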