Announcement

Collapse
No announcement yet.

Certificate for TLS encryption

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate for TLS encryption

    I need to encrypt mail to a specific domain and have read i need a certificate. I already have a self generated certificate for our OWA, do i need to Buy a "proper" one (verisign etc..) or will my self generated one suffice?

    Thanks

  • #2
    Re: Certificate for TLS encryption

    Self signed certs will work if the "other side" trusts your CA. If they don't, it won't. You can send them your CA root cert and ask them to import it to their machines, but if the "other side" is more than one entity, you'd be much better off by buying one.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

    Comment


    • #3
      Re: Certificate for TLS encryption

      If i buy one, can i use it in addition to my current one or would i replace it, also is the TLS certificate a different one to the SSL one or is it one certificate for all use.

      Reagrds

      Comment


      • #4
        Re: Certificate for TLS encryption

        As far as I know it uses the same format...
        Cheers,

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
        MCSA/E, MCTS, MCITP, MCT

        Comment


        • #5
          Re: Certificate for TLS encryption

          The certificates are the same format.
          What I usually do is buy a certificate for OWA, doing the request and accept there. Then once the certificate is in place, I export it and then import it to the SMTP virtual server. If you are going to buy an SSL certificate you may as well replace the home grown certificate.
          You don't have to buy Verisign though, unless you like being ripped off for an inferior product.
          RapidSSL, GoDaddy or Instant SSL certificate will be fine.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Certificate for TLS encryption

            Thanks Simon

            Unfortunately the company we are setting up a TLS with "demand" a certificate from a "supplier of note..." so Verisign it is.

            Thanks

            Comment


            • #7
              Re: Certificate for TLS encryption

              SSL certificates are no different between suppliers. They all do the same thing.
              Geotrust (RapidSSL) was bought by Verisign earlier this year.
              The reason they have said that is probably to deal with trust issues. Some of the cheapest certificates are not trusted by all mail servers.

              Even some of Verisign's roots are not trusted everywhere, so the use of that name doesn't really mean a great deal.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment

              Working...
              X