TLS connection on Mail server

Posted on 2016-09-13
Last Modified: 2016-09-14
For mail server to establish TLS, do I need to install a certfiicate on the server ?

Question by:AXISHK
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

by:Ned Ramsay
ID: 41797190
Unfortunately yes.
You can use an Internal Windows CA but only if you have one setup in active directory.

Author Comment

ID: 41797195
Can i generate a self certficate in the server for this purpose ?

LVL 15

Expert Comment

by:Todd Nelson
ID: 41797262
Yes, you need a certificate for TLS.  If you are using for something like Office 365 it cannot be a self signed certificate.
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now


Author Comment

ID: 41797266
We own our Exchange 2010. If I use the self certificate, will TLS be established with other side ?


Assisted Solution

by:Ned Ramsay
Ned Ramsay earned 200 total points
ID: 41797287
It will work for connecting through TLS from your client workstations/phones etc.

TLS to another mail server no. The receiving mailserver has no way of knowing if it is genuine if you dont have a recognized CA cert.

I had to do something like this recently to encrypt legal data between two companies.

Author Comment

ID: 41797299
can Exchange use other connection for mail transmission in case TLS can't be established ?

Can you share how to setup the TLS on the Exchange ?

LVL 63

Accepted Solution

Simon Butler (Sembee) earned 300 total points
ID: 41798832
Exchange does Opportunist TLS - so it will fall back to plain SMTP if TLS cannot be done. There is nothing to setup to do that.
You only need to change the configuration if you want to use Mutual TLS (basically use TLS or drop the connection).

Do you not have a trusted SSL certificate on Exchange already? It is pretty much mandatory for Exchange to have a trusted SSL certificate if you have external clients. The self signed certificates are not supported for use with Outlook Anywhere and ActiveSync.

When you can get a suitable certificate for less than $60, trying to get a self signed certificate to work is a false economy.

Author Closing Comment

ID: 41799017

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2012 R2 SChannel Error 57 97
Exchnage 2013 Database - Dirty Shutdown 4 101
profile account in outlook problem 3 45
Block Hacker? 2 37
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question