How to setup a TLS email connection

I was asked to set up a TLS connection between my company and an outside company. They provided the domains, and said to add as necessary. I did some research online, and in some places it says to do it like this:

# Variant 1: set the secure-domain lists directly (replaces any existing entries)
Set-TransportConfig -TLSSendDomainSecureList domain.com

Set-TransportConfig -TLSReceiveDomainSecureList domain.com

# Variant 2: read the current lists, append the domain, and write them back
$TransportConfig = Get-TransportConfig
$TransportConfig.TLSSendDomainSecureList += "domain.com"
Set-TransportConfig -TLSSendDomainSecureList $TransportConfig.TLSSendDomainSecureList

$TransportConfig = Get-TransportConfig
$TransportConfig.TLSReceiveDomainSecureList += "domain.com"
Set-TransportConfig -TLSReceiveDomainSecureList $TransportConfig.TLSReceiveDomainSecureList

On others it says to go to the send connector in the Exchange Management Console, but I'm not sure how to do it there, or which way is the best way to achieve this. Any help will be appreciated.
chipsexpertsAsked:
Carol ChisholmCommented:
You should not need to do anything if the other company supports TLS. Exchange always tries TLS first (opportunistic TLS) and then falls back to an unencrypted protocol if TLS is not accepted by the other Exchange server.
chipsexpertsAuthor Commented:
Forgot to mention that they are asking for a mutual TLS setup, inbound and outbound.
Carol ChisholmCommented:
Should not make any difference. Exchange will always try for TLS if it is available.

chipsexpertsAuthor Commented:
So, Carol then what's the point of this link:

http://exchange.sembee.info/2010/hub/mutualtls.asp

I know you are an expert, can you provide me feedback?
Carol ChisholmCommented:
Well Sembee is really good at this stuff. At the beginning of his document you will see:

"By default, Exchange 2007 and higher will use TLS to send and receive email to another server by default, if the other server supports it. This is known as opportunist TLS."
If your Exchange certificate is set up properly and if the other server has an appropriate certificate and supports TLS then you are OK.

The link provides (very professionally) two ways of forcing this: using PowerShell, or using the EMC GUI. If the other server does not support TLS, or one or the other of your certificates has an issue, no mail will flow. If you do something wrong in the PowerShell or GUI you could break mail flow too.

The PowerShell probably works more or less on all Exchange versions; the GUI is different depending on which Exchange version you are using.

BUT if you don't know where the send connectors are in the GUI then you really don't want to be even trying this, because you could mess up your whole configuration and end up not being able to send or receive email.

So really my recommendation is either to do a lot more reading and set up a test environment, or to go to whoever asked you to do this and say "By default, Exchange 2007 and higher will use TLS to send and receive email to another server by default, if the other server supports it. This is known as opportunist TLS."

You should also contact the other party and ask if their server supports TLS, since it depends on them. Your Exchange certificates also need to be in good shape.

chipsexpertsAuthor Commented:
Thanks for your assistance, Carol.
ChrisCommented:
If you have been asked to set up Mutual TLS, this generally means that they don't want email sent if it's not encrypted by TLS. With opportunistic TLS, if it doesn't work then it will send the mail anyway.

Those PowerShell cmdlets look correct to send both outbound and inbound.
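The two approaches discussed in the thread, Carol's warning about certificates and connectors and Chris's confirmation of the Set-TransportConfig cmdlets, fit together into one Exchange Management Shell sequence. The script below is an added example and not code from the question or either answer: it configures Domain Security (what Exchange calls mutual TLS) for a single partner domain, end to end, on Exchange 2007/2010 hub transport. The partner domain, the connector names and the certificate expectations are placeholders for your environment; the cmdlets and parameters are standard Exchange ones. The @{Add=...} syntax appends to the multivalued list, which matters because the bare-value form in the question (Set-TransportConfig -TLSSendDomainSecureList domain.com) replaces whatever domains were already there.

```powershell
# Added example (not from the thread): Domain Security ("mutual TLS") for one partner
# domain on Exchange 2007/2010. All three values below are placeholders (assumptions).
$PartnerDomain    = "partner.example"   # the domain the outside company gave you
$SendConnector    = "Internet"          # name of your outbound (Internet) send connector
$ReceiveConnector = "Default HUB01"     # name of the receive connector that takes Internet mail

# 1. Check that a valid certificate is enabled for the SMTP service. Domain Security
#    fails closed: an expired or untrusted certificate on either side stops mail flow.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match "SMTP" } |
    Format-List Subject, Issuer, NotAfter, Services

# 2. Add the partner domain to both secure-domain lists. @{Add=...} appends;
#    passing the domain as a plain value would overwrite the existing list.
Set-TransportConfig -TLSSendDomainSecureList    @{Add = $PartnerDomain}
Set-TransportConfig -TLSReceiveDomainSecureList @{Add = $PartnerDomain}

# 3. Outbound: enable Domain Security on the send connector. Domain Security requires
#    DNS (MX) routing rather than a smart host, and IgnoreSTARTTLS must be $false.
Set-SendConnector -Identity $SendConnector `
    -DomainSecureEnabled $true `
    -DNSRoutingEnabled $true `
    -IgnoreSTARTTLS $false

# 4. Inbound: enable Domain Security on the receive connector. TLS has to remain in its
#    AuthMechanism; warn rather than silently rewrite the mechanisms, since dropping
#    ExchangeServer or other entries would break existing inbound traffic.
$rc = Get-ReceiveConnector -Identity $ReceiveConnector
if ($rc.AuthMechanism -notmatch "Tls") {
    Write-Warning "TLS is not in AuthMechanism on '$ReceiveConnector'; add it before enabling Domain Security."
}
Set-ReceiveConnector -Identity $ReceiveConnector -DomainSecureEnabled $true

# 5. Verify what was actually written before the partner tests mail flow.
Get-TransportConfig | Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
Get-SendConnector    -Identity $SendConnector    | Format-List DomainSecureEnabled, DNSRoutingEnabled, IgnoreSTARTTLS, SmartHosts
Get-ReceiveConnector -Identity $ReceiveConnector | Format-List DomainSecureEnabled, AuthMechanism

# Rollback, if mail to or from the partner stops flowing: remove the domain from both
# lists and turn the connector flags off; Exchange then reverts to opportunistic TLS.
# Set-TransportConfig -TLSSendDomainSecureList    @{Remove = $PartnerDomain}
# Set-TransportConfig -TLSReceiveDomainSecureList @{Remove = $PartnerDomain}
# Set-SendConnector    -Identity $SendConnector    -DomainSecureEnabled $false
# Set-ReceiveConnector -Identity $ReceiveConnector -DomainSecureEnabled $false
```

Run it in a test environment first, as Carol advises: once the partner domain is on the secure lists, Exchange refuses to deliver or accept mail for that domain over an unencrypted or improperly authenticated session, so a certificate problem on either side shows up as queued or rejected mail rather than a fallback to plain SMTP. Step 5 is worth keeping as a standing check, since the rollback block is only useful if you can see which setting broke.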