exexc
asked on
Requirements for (Perfect) Forward Secrecy on Exchange 2010?
One of our customers is required to use Perfect Forward Secrecy for his mail server.
What are the requirements to use PFS on SBS2011 (based on 2008R2)/Exchange for SMTP?
OWA/Outlook Anywhere/Active Sync are not the priority, but it would be nice to cover that too. At least it shouldn't break these features.
Do they need a certificate from a public CA or is a private CA enough? Are there special requirements the certificate has to meet?
What changes are needed in SBS2011 and/or Exchange and/or IIS to use Perfect Forward Secrecy for SMTP?
ASKER CERTIFIED SOLUTION
ASKER
After some more research I was able to successfully change the SSL settings. Everything is still working.
Thank you for the solution.
ASKER
I have some more questions before I try that in a production system:
Will these changes have a negative effect or require additional changes to IIS/OWA/Active Sync/Outlook Anywhere?
Is there a way to check the results for SMTP connections? I found a solution using Linux/openssh to check the ciphers - is there any way to do it with Windows? The test from ssllabs.com is for HTTPS only and the test from ssl-tools.net says that PFS is already available (before I made any changes).
Are there any requirements regarding the certificate? Is the SHA1/RSA certificate we created with an internal CA good enough?