Solved

Setting up Mutual TLS on Exchange 2010 with External organisation

Posted on 2014-01-14
Last Modified: 2014-06-26
Hi.
We have an Exchange 2010 setup where some customers run their email off our Exchange servers.
One customer has been approached by a bank to set up Mutual TLS in their communications.
I get the gist of the TLS setup, but the process in our environment has me a little stumped, so I'm hoping for some direction, please.

Current environment:
2 Edge servers  (edge1 & edge2)
2 CAS servers (certificates located here - cas1 & cas2)
2 Mailbox servers (mb1 & mb2)

On each CAS server there is a self-signed certificate which has IMAP\POP\SMTP services enabled.

There is a single GoDaddy Secure CA certificate installed on the CAS servers which handles the IIS service for our clients to use webmail and ActiveSync, e.g. owa.host.com

Because we have other customers running on the same servers it's hard to test, which makes me apprehensive, but my thoughts are to:

1. enable the GoDaddy cert for SMTP on both CAS servers
2. create send and receive connectors for the bank.com domain and enable the TLS option
3. exchange certs with the bank's IT and add theirs into the Trusted sections on our Edge servers

If anyone could correct me I'd appreciate it :)
I've read the MS TechNet article but it confuses me, and I'm unsure if we can use the third-party cert we currently have in place or if we have to use something with the customer's domain name in it?
Question by:core3
Accepted Solution

by: Malli Boppe
ID: 39781410
The bank's email server would communicate with your Edge servers over mutual TLS.
So you need to have a SAN certificate with the following names.

CAS1.domain.com
CAS2.domain.com
Edge1.domain.com
edge2.domain.com
Webmail.domain.com
Autodiscover.domain.com

Install the cert on cas1, cas2, edge1 and edge2. Assign the SMTP, IIS, POP and IMAP services to the cert.
Make sure TLS is enabled on the receive connectors on the Edge Transport servers.
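The steps the question sketches (cert for SMTP, send and receive connectors for bank.com with TLS, trusting the bank's CA on the Edge servers) and the answer's advice (CA cert installed and enabled for SMTP on the Edge servers, TLS on the Edge receive connectors) are what Exchange 2010 calls Domain Security. The Exchange Management Shell script below is an added example written for this page; it is not from the original question, the answer, or Microsoft. It assumes the partner domain is bank.com (from the question), that the CA-issued certificate has already been imported on edge1 and edge2, that the Internet-facing Edge receive connector is the default one ("Default internal receive connector <server>"), that an Edge Subscription already exists, and that the issuer match used to pick the certificate is a placeholder for whatever your CA's issuer string actually is. Two facts the script relies on that the thread does not spell out: Domain Security rejects self-signed certificates and only works with a certificate chaining to a CA trusted by both sides, and the Send connector must route by DNS (no smart host).

```powershell
# Added example (not from the original post or answer): Exchange 2010 Domain Security
# (mutual TLS) with a single partner domain, from the Exchange Management Shell.
# Placeholders: partner domain, Edge server names, CA issuer match, connector name.

$Partner     = 'bank.com'            # partner domain from the question
$EdgeServers = 'edge1', 'edge2'      # subscribed Edge Transport servers

# ---- Hub Transport server: organisation-wide settings, replicated to Edge by EdgeSync ----

# 1. Mail to and from the partner must be domain-secured. @{Add=...} appends to the
#    existing multi-valued lists instead of overwriting any other partner domains.
Set-TransportConfig -TLSSendDomainSecureList    @{Add = $Partner} `
                    -TLSReceiveDomainSecureList @{Add = $Partner}

# 2. Dedicated Send connector sourced on the Edge servers. Domain Security requires DNS
#    routing (no smart host) and STARTTLS must not be ignored. -Usage Partner already
#    presets DomainSecureEnabled; the explicit switches make the intent visible.
New-SendConnector -Name "Domain Secure - $Partner" -Usage Partner `
    -AddressSpaces $Partner -DNSRoutingEnabled $true `
    -DomainSecureEnabled $true -IgnoreSTARTTLS $false `
    -SourceTransportServers $EdgeServers

# 3. Push the new configuration to the Edge servers now rather than waiting for the
#    scheduled EdgeSync run.
Start-EdgeSynchronization

# ---- Each Edge Transport server (run locally on edge1, then on edge2) ----

# 4. Domain Security only works with a certificate from a CA both sides trust; the
#    self-signed Exchange certificate is rejected. The issuer match is a placeholder.
$cert = Get-ExchangeCertificate |
    Where-Object { -not $_.IsSelfSigned -and $_.Issuer -match 'Go Daddy' } |
    Select-Object -First 1
if (-not $cert) { throw 'No CA-issued certificate is imported on this Edge server' }
# -Force suppresses the prompt about replacing the default SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP -Force

# 5. Internet-facing Receive connector: keep the existing mechanisms, add TLS, enable
#    Domain Security, and make sure the Partners permission group is present.
$rc = Get-ReceiveConnector |
    Where-Object { $_.Name -like 'Default internal receive connector*' } |
    Select-Object -First 1
$auth  = [string]$rc.AuthMechanism        # e.g. "Tls, ExchangeServer"
$perms = [string]$rc.PermissionGroups     # e.g. "AnonymousUsers, ExchangeServers, Partners"
if ($auth  -notmatch '\bTls\b')      { $auth  = "$auth, Tls" }
if ($perms -notmatch '\bPartners\b') { $perms = "$perms, Partners" }   # set explicitly if value is 'Custom'
Set-ReceiveConnector -Identity $rc.Identity -AuthMechanism $auth `
    -PermissionGroups $perms -DomainSecureEnabled $true

# 6. Exchange picks the SMTP certificate by matching the connector FQDN against the
#    certificate's names, so the name the Edge advertises must be on the certificate.
#    A mismatch logs MSExchangeTransport event 12014 and STARTTLS fails.
if ([string[]]$cert.CertificateDomains -notcontains [string]$rc.Fqdn) {
    Write-Warning "Receive connector FQDN $($rc.Fqdn) is not in the certificate $($cert.Thumbprint)"
}

# 7. Confirm what the Edge now holds after EdgeSync.
Get-TransportConfig | Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
Get-SendConnector "Domain Secure - $Partner" |
    Format-List AddressSpaces, DNSRoutingEnabled, DomainSecureEnabled, IgnoreSTARTTLS
```

Two practical caveats for the steps in the question. Domain Security does not pin the partner's leaf certificate: each side validates the other's certificate chain against its own Trusted Root Certification Authorities store and checks that the certificate matches the partner domain, so what is worth exchanging with the bank's IT are the root and intermediate CA certificates their mail server presents (imported into the local machine Trusted Root and Intermediate stores on edge1 and edge2), plus the FQDN each side will see. And the existing third-party certificate can be reused for this as long as its subject or SAN entries cover the FQDN the Edge receive connector advertises and the MX name the bank connects to; a customer-domain name on the certificate is not required for the TLS session itself.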
