Solved

Setting up Mutual TLS on Exchange 2010 with External organisation

Posted on 2014-01-14
1
978 Views
Last Modified: 2014-06-26
Hi.
We have an Exchange 2010 setup where some customers run their emails off our Exchange servers.
One customer has been approached by a bank to setup Mutual TLS in their communications.
I get the gist of the TLS setup but the process in our environment has me a little stumped so hoping for some direction please.

Current environment:
2 Edge servers  (edge1 & edge2)
2 CAS servers (certificates located here - cas1 & cas2)
2 Mailbox servers (mb1 & mb2)

On each CAS server there is a self signed certificate which has IMAP\POP\SMTP services enabled.

There is a single GoDaddy Secure CA certificate installed on the CAS servers which handles IIS service for our clients to use webmail and activesync e.g  owa.host.com
__

Because we have other customers running on the same servers its hard to test and makes me apprehensive but my thoughts are to:

1. enable godaddy cert for SMTP on both CAS servers
2. create send and receive connector for bank.com domain and enable TLS option
3. exchange certs with bank IT and we add these into Trusted sections on our Edge servers

If anyone cold correct me I'd appreciate it :)
I've read the MS technet article but it confuses me and I'm unsure if we can use the 3rd party cert we currently have in place or if we have to use something with the customer domain name in it?
0
Comment
Question by:core3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 23

Accepted Solution

by:
Malli Boppe earned 500 total points
ID: 39781410
The bank email server would communicate with your EDge servers on mutaul TLS.
So you need to have a SAN certificate with the following names.

CAS1.domain.com
CAS2.domain.com
Edge1.domain.com
edge2.domain.com
Webmail.domain.com
Autodiscover.domain.com

Install the cert on cas1,cas2,edge1 and edge2. Assign  SMTP, IIS,POP,IMAP for the cert.
make sure TLS is enabled on the receive conenctors on EDGE transport servers.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question