asked on
Exchange 2007/2010 - TLS
Hi Experts,
I've never really attempted to configure TLS on any of our customer Exchange servers before.
I've read this:
http://technet.microsoft.com/en-us/library/aa998840(v=exchg.141).aspx
But I'm a bit confused on what certificates are required.
We have multiple hub transport servers, sending and receiving emails to/from the Internet.
Are we able to enable TLS if there is a smart host in the way?
If we are sending from multiple hub transport servers, do we need a cert for each of these? or can these be covered by a single cert?
Any help is appreciated!
I've never really attempted to configure TLS on any of our customer Exchange servers before.
I've read this:
http://technet.microsoft.com/en-us/library/aa998840(v=exchg.141).aspx
But I'm a bit confused on what certificates are required.
We have multiple hub transport servers, sending and receiving emails to/from the Internet.
Are we able to enable TLS if there is a smart host in the way?
If we are sending from multiple hub transport servers, do we need a cert for each of these? or can these be covered by a single cert?
Any help is appreciated!
Exchange
Last Comment
Chris
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionSOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
yes a scoped send connector would be the way to enforce TLS to a specific Domain
as far as i am aware digital signatures (within Exchange) can be used to sign emails but not encrypt them, this is using the Exchange Rights Management to do this which is a load of extra infrastructure an licensing. If you want to do user to user encryption then PGP is a good choice.
there is a PGP universal server which does gateway encryption which means it sits next to the exchange server and does the encryption there and removes the need to end user setup with software and encryption keys
as far as i am aware digital signatures (within Exchange) can be used to sign emails but not encrypt them, this is using the Exchange Rights Management to do this which is a load of extra infrastructure an licensing. If you want to do user to user encryption then PGP is a good choice.
there is a PGP universal server which does gateway encryption which means it sits next to the exchange server and does the encryption there and removes the need to end user setup with software and encryption keys
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
I was thinking of creating an additional send connector, locked down for that particular domain that would like to use encryption.
On a totally different note, Digital Signatures *could* be used to encrypt data between 2 particular users between 2 different Exchange Organizations right?
Thanks again!