Solved

Setting up Mutual TLS on Exchange 2010 with External organisation

Posted on 2014-01-14
1
870 Views
Last Modified: 2014-06-26
Hi.
We have an Exchange 2010 setup where some customers run their emails off our Exchange servers.
One customer has been approached by a bank to setup Mutual TLS in their communications.
I get the gist of the TLS setup but the process in our environment has me a little stumped so hoping for some direction please.

Current environment:
2 Edge servers  (edge1 & edge2)
2 CAS servers (certificates located here - cas1 & cas2)
2 Mailbox servers (mb1 & mb2)

On each CAS server there is a self signed certificate which has IMAP\POP\SMTP services enabled.

There is a single GoDaddy Secure CA certificate installed on the CAS servers which handles IIS service for our clients to use webmail and activesync e.g  owa.host.com
__

Because we have other customers running on the same servers its hard to test and makes me apprehensive but my thoughts are to:

1. enable godaddy cert for SMTP on both CAS servers
2. create send and receive connector for bank.com domain and enable TLS option
3. exchange certs with bank IT and we add these into Trusted sections on our Edge servers

If anyone cold correct me I'd appreciate it :)
I've read the MS technet article but it confuses me and I'm unsure if we can use the 3rd party cert we currently have in place or if we have to use something with the customer domain name in it?
0
Comment
Question by:core3
1 Comment
 
LVL 23

Accepted Solution

by:
Malli Boppe earned 500 total points
ID: 39781410
The bank email server would communicate with your EDge servers on mutaul TLS.
So you need to have a SAN certificate with the following names.

CAS1.domain.com
CAS2.domain.com
Edge1.domain.com
edge2.domain.com
Webmail.domain.com
Autodiscover.domain.com

Install the cert on cas1,cas2,edge1 and edge2. Assign  SMTP, IIS,POP,IMAP for the cert.
make sure TLS is enabled on the receive conenctors on EDGE transport servers.
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now