• Status: Solved

Procedure to configure mutual TLS on SBS 2008 (Exchange 2007)

I need to create a mutual TLS connection with a client. Our SBS 2008 server has always used self-signed certificates, which I know will not work for this configuration. Can anyone walk me through the process, from the type of public Exchange certificate I buy, to installing the certificate, to creating the Exchange connector for the mutual connection? I'm assuming I would create a connector just for communications with this client, since the purpose of this exercise is their requirement.
David Johnson, CD, MVP (Owner) commented:
You can use your internal CA's certificates if you each import the other's certificate. The same goes for the other party: they can use their internal CA certificate. The stipulation is that you must trust each other's root certificate authority. Trusting another company's CA infrastructure is more common than the majors (VeriSign, GoDaddy, RapidSSL, et al.) would want you to believe. It does mean planning your PKI settings and your PKI policies, and you may only trust one subordinate CA and not others. This requires a sharing of policy information between both companies.

One example is at http://technet.microsoft.com/en-us/library/bb123543%28v=exchg.141%29.aspx#Step1
hounschell (Author) commented:

I spoke with the client's support team and they are requesting that we upgrade to a public certificate (FYI, this is a connection to a bank). So let's proceed knowing that requirement.

This is their certificate info if it helps....
Client xyz is using a public VeriSign certificate signed by
VeriSign Class 3 Secure Server CA - G3
VeriSign Class 3 Public Primary Certification Authority - G5
David Johnson, CD, MVP (Owner) commented:
OK, then any cert will do. Instructions on how to create a certificate request for the Hub Transport Server:

Enter the FQDN of your Hub Transport server if you'll be using mutual TLS to help secure Internet mail or if you'll be using a Hub Transport server for POP and IMAP client submission.
Simon Butler (Sembee) (Consultant) commented:
A regular UC type certificate will be fine. That way it will protect everything on the server, including ActiveSync, OWA, Outlook Anywhere as well as the SMTP traffic flow.

SBS 2008 needs the SSL certificate done in a certain way.

A cheap GoDaddy SSL certificate will be fine, that will still do the TLS that is required.

Once you have the SSL certificate in place, follow the instructions on Technet for Mutual TLS.

hounschell (Author) commented:

Thanks, this article looks quite helpful. I'll get started on this next week.

hounschell (Author) commented:
Thank you, cert install, next I need to create a mutual connection between our server and theirs.
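
The connector step the thread ends on, sketched as an added example for the Exchange 2007 Management Shell; it is not part of the original thread or of the TechNet article. It assumes the public certificate is already installed, and `bank.example` and both connector names are placeholders to replace with your own values.

```powershell
# Exchange Management Shell (Exchange 2007). All names below are placeholders.
$PartnerDomain    = "bank.example"                  # placeholder: partner's SMTP domain
$ReceiveConnector = "<Internet receive connector>"  # placeholder: name from Get-ReceiveConnector
$SendConnector    = "Mutual TLS to $PartnerDomain"  # hypothetical name for the new connector

# 1. Confirm the certificate bound to SMTP is the public one, not the self-signed one.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match "SMTP" } |
    Format-List Thumbprint, Subject, CertificateDomains, IsSelfSigned, NotAfter

# 2. Add the partner to both domain-secure lists. Append to the current values,
#    because Set-TransportConfig replaces the whole list with what it is given.
$tc = Get-TransportConfig
$tc.TLSSendDomainSecureList    += $PartnerDomain
$tc.TLSReceiveDomainSecureList += $PartnerDomain
Set-TransportConfig -TLSSendDomainSecureList $tc.TLSSendDomainSecureList `
                    -TLSReceiveDomainSecureList $tc.TLSReceiveDomainSecureList

# 3. Dedicated send connector scoped to the partner's address space only.
#    Domain Security needs DNS routing, so no smart host on this connector.
New-SendConnector -Name $SendConnector -Usage Custom `
    -AddressSpaces "SMTP:$PartnerDomain;1" `
    -DNSRoutingEnabled $true -DomainSecureEnabled $true `
    -SourceTransportServers $env:COMPUTERNAME

# 4. Accept mutual TLS on the Internet-facing receive connector.
#    -AuthMechanism replaces the existing set, so review it first and
#    list any other mechanisms you still need alongside Tls.
Get-ReceiveConnector $ReceiveConnector | Format-List AuthMechanism, PermissionGroups
Set-ReceiveConnector $ReceiveConnector -DomainSecureEnabled $true -AuthMechanism Tls

# 5. Review the result.
Get-TransportConfig | Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
Get-SendConnector $SendConnector |
    Format-List AddressSpaces, DomainSecureEnabled, DNSRoutingEnabled
```

The partner has to make the matching change on their side, and each server must trust the root CA that issued the other's certificate, as noted earlier in the thread.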
Question has a verified solution.
