Avatar of MarkMichael
MarkMichael
 asked on

Exchange 2007/2010 - TLS

Hi Experts,

I've never really attempted to configure TLS on any of our customer Exchange servers before.

I've read this:
http://technet.microsoft.com/en-us/library/aa998840(v=exchg.141).aspx

But I'm a bit confused on what certificates are required.

We have multiple hub transport servers, sending and receiving emails to/from the Internet.

Are we able to enable TLS if there is a smart host in the way?
If we are sending from multiple hub transport servers, do we need a cert for each of these? or can these be covered by a single cert?

Any help is appreciated!
Exchange

Avatar of undefined
Last Comment
Chris

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Bruno PACI

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Chris

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
MarkMichael

ASKER
Thanks for the quick reply!

I was thinking of creating an additional send connector, locked down for that particular domain that would like to use encryption.

On a totally different note, Digital Signatures *could* be used to encrypt data between 2 particular users between 2 different Exchange Organizations right?

Thanks again!
Chris

yes a scoped send connector would be the way to enforce TLS to a specific Domain


as far as i am aware digital signatures (within Exchange) can be used to sign emails but not encrypt them, this is using the Exchange Rights Management to do this which is a load of extra infrastructure an licensing. If you want to do user to user encryption then PGP is a good choice.
there is a PGP universal server which does gateway encryption which means it sits next to the exchange server and does the encryption there and removes the need to end user setup with software and encryption keys
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23