Solved

Setting up Mutual TLS on Exchange 2010 with External organisation

Posted on 2014-01-14
Last Modified: 2014-06-26
Hi.
We have an Exchange 2010 setup where some customers run their email off our Exchange servers.
One customer has been approached by a bank to set up Mutual TLS for their communications.
I get the gist of the TLS setup, but the process in our environment has me a little stumped, so I'm hoping for some direction please.

Current environment:
2 Edge servers  (edge1 & edge2)
2 CAS servers (certificates located here - cas1 & cas2)
2 Mailbox servers (mb1 & mb2)

On each CAS server there is a self-signed certificate which has IMAP\POP\SMTP services enabled.

There is a single GoDaddy Secure CA certificate installed on the CAS servers which handles the IIS service for our clients to use webmail and ActiveSync, e.g. owa.host.com

Because we have other customers running on the same servers it's hard to test, and that makes me apprehensive, but my thoughts are to:

1. enable the GoDaddy cert for SMTP on both CAS servers
2. create send and receive connectors for the bank.com domain and enable the TLS option
3. exchange certs with the bank's IT and add these into the Trusted sections on our Edge servers

If anyone could correct me I'd appreciate it :)
I've read the MS TechNet article but it confuses me, and I'm unsure if we can use the 3rd-party cert we currently have in place or if we have to use something with the customer domain name in it?
Question by: core3
Accepted Solution by: Malli Boppe (ID: 39781410)
The bank's email server would communicate with your Edge servers over mutual TLS.
So you need to have a SAN certificate with the following names:

CAS1.domain.com
CAS2.domain.com
Edge1.domain.com
edge2.domain.com
Webmail.domain.com
Autodiscover.domain.com

Install the cert on cas1, cas2, edge1 and edge2. Assign the SMTP, IIS, POP and IMAP services to the cert.
Make sure TLS is enabled on the receive connectors on the Edge Transport servers.
0
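The accepted answer's steps as Exchange 2010 Management Shell commands, added here as an example rather than taken from the question or the answer. Server and domain names come from the thread; the subject's organisation details, file paths, the PFX password prompt and the connector names are assumptions, and mutual TLS is implemented with Exchange's Domain Security feature.

```powershell
# Added example (not from the thread). Assumed: connector names, paths and
# the O=/C= subject values; server and domain names are the ones in the answer.

# 1. On cas1, request one SAN certificate that covers every name the bank
#    (and your webmail/ActiveSync clients) will connect to.
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=webmail.domain.com, O=Example Hosting, C=GB" `
    -DomainName cas1.domain.com,cas2.domain.com,edge1.domain.com,edge2.domain.com,webmail.domain.com,autodiscover.domain.com `
    -KeySize 2048 -PrivateKeyExportable $true -FriendlyName "Exchange SAN"
Set-Content -Path C:\certs\exchange-san.req -Value $req

# 2. Import the signed certificate the CA (e.g. GoDaddy) returns; keep the thumbprint.
$cert  = Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\certs\exchange-san.cer -Encoding Byte -ReadCount 0))
$thumb = $cert.Thumbprint

# 3. Bind the services the answer lists on the CAS servers.
Enable-ExchangeCertificate -Thumbprint $thumb -Services "SMTP,IIS,POP,IMAP"

# 4. Export with the private key, then import/enable it on cas2, edge1 and edge2
#    (Edge servers only run SMTP, so enable just that service there).
$pfxPwd = Read-Host "PFX password" -AsSecureString
$pfx = Export-ExchangeCertificate -Thumbprint $thumb -BinaryEncoded:$true -Password $pfxPwd
Set-Content -Path C:\certs\exchange-san.pfx -Value $pfx.FileData -Encoding Byte
# On edge1/edge2:
#   Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content C:\certs\exchange-san.pfx -Encoding Byte -ReadCount 0)) -Password $pfxPwd
#   Enable-ExchangeCertificate -Thumbprint $thumb -Services "SMTP"

# 5. Mutual TLS in Exchange is Domain Security. From a Hub Transport server list the
#    partner domain (EdgeSync replicates this to the Edge servers), then require it on
#    the connectors that carry bank.com mail. Both sides' certificates must chain to a
#    CA the other side trusts (the bank's root goes in the Edge servers' Trusted Root store).
Set-TransportConfig -TLSReceiveDomainSecureList bank.com -TLSSendDomainSecureList bank.com
# Assumed connector names below.
Set-ReceiveConnector "Default internal receive connector EDGE1" -AuthMechanism Tls -DomainSecureEnabled $true
Set-SendConnector "To bank.com" -DomainSecureEnabled $true -DNSRoutingEnabled $true -IgnoreSTARTTLS $false

# 6. Verify: the cert should list SMTP on every server, and the connectors should show
#    DomainSecureEnabled = True before the bank starts testing.
Get-ExchangeCertificate -Thumbprint $thumb | Format-List Thumbprint,Services,CertificateDomains,NotAfter
Get-ReceiveConnector | Format-List Name,AuthMechanism,DomainSecureEnabled
```

Because other customers share these servers, enabling SMTP on the new certificate replaces the self-signed one for every SMTP session on that server, so check the SAN list against all names clients and partners actually use before step 3.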