Link to home
Start Free TrialLog in
Avatar of MarkMichael
MarkMichael

asked on

Exchange 2007/2010 - TLS

Hi Experts,

I've never really attempted to configure TLS on any of our customer Exchange servers before.

I've read this:
http://technet.microsoft.com/en-us/library/aa998840(v=exchg.141).aspx

But I'm a bit confused on what certificates are required.

We have multiple hub transport servers, sending and receiving emails to/from the Internet.

Are we able to enable TLS if there is a smart host in the way?
If we are sending from multiple hub transport servers, do we need a cert for each of these? or can these be covered by a single cert?

Any help is appreciated!
ASKER CERTIFIED SOLUTION
Avatar of Bruno PACI
Bruno PACI
Flag of France image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MarkMichael
MarkMichael

ASKER

Thanks for the quick reply!

I was thinking of creating an additional send connector, locked down for that particular domain that would like to use encryption.

On a totally different note, Digital Signatures *could* be used to encrypt data between 2 particular users between 2 different Exchange Organizations right?

Thanks again!
yes a scoped send connector would be the way to enforce TLS to a specific Domain


as far as i am aware digital signatures (within Exchange) can be used to sign emails but not encrypt them, this is using the Exchange Rights Management to do this which is a load of extra infrastructure an licensing. If you want to do user to user encryption then PGP is a good choice.
there is a PGP universal server which does gateway encryption which means it sits next to the exchange server and does the encryption there and removes the need to end user setup with software and encryption keys