Adding another SSL Certificate

  • Adding another SSL Certificate

    Some time ago I went through the process of setting up Outlook using HTTPS/RPC. I decided to create my own certificate as per all the help in this forum. Things have been running smoothly. Now we have a requirement to secure email between ourselves and a client. They have specified only 5 certificates that are acceptable (Thawte etc.) but not a home-grown one.

    My question is, if I go down this route of getting one of these certificates installed, will it screw up my existing config? Can I have more than 1 certificate installed? Can I indeed use this new one instead of my home-made one?

    Any advice would be grateful

    Richy

  • #2
    Re: Adding another SSL Certificate

    No, you won't...

    It's very simple, and I went through the process about 2 months ago. I had to comply with the SSL nazis and I chose to go with VeriSign (which is a pain in the arse, btw)...

    Create a new site in IIS. You will use this new site to generate the request and process the reply.

    Run through the process of generating the request from that site, then turn around and assign the cert to that site.

    Then (this is the cool part I wasn't aware of) you can switch the certificate with the Exchange site and voilà! That's it...

    The certificate has nothing to do with your Exchange configuration. The cert is basically like a variable in the algorithm that is used to encrypt the file...

    You can verify that the site is using the new cert by going to OWA and checking the little 'padlock' on the bottom of the IE screen. If it reflects the new cert (and Windows isn't bitching about the cert not being trusted) then you're finished.
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...



    • #3
      Re: Adding another SSL Certificate

      Great answer James!
      Cheers,

      Daniel Petri
      Microsoft Most Valuable Professional - Active Directory Directory Services
      MCSA/E, MCTS, MCITP, MCT



      • #4
        Re: Adding another SSL Certificate

        Originally posted by danielp:
        Great answer James!

        I'm flattered...

        Some day I'll have half the karma you do.

        And thanks for the site D!


        • #5
          Re: Adding another SSL Certificate

          Thanks James, it works perfectly. Got a trial cert first, did what you said and it was perfect. Have now bought the full version and am hoping it's not too much of a pain like you said.

          Many thanks

          Richard



          • #6
            Re: Adding another SSL Certificate

            James, another quick question. I've finally got the SSL cert through from VeriSign (only had to reapply 3 times...) but now I've got it, what do I do with it? I purchased this specifically to allow secure TLS email to another company. I've set up the secure email connector to their address space and emails use this, but how do I make it "encrypted"?

            Regards



            • #7
              Re: Adding another SSL Certificate

              The email server of the company with which you are going to exchange secure emails also needs to have a certificate and be configured accordingly.

              There are two settings that have to be made. Both have to be made on the proper virtual SMTP server:

              1. Incoming SMTP traffic encryption (the connecting SMTP server should start TLS).
              2. Outgoing SMTP traffic encryption (your server starts TLS).
              Regards,
              Csaba Papp
              MCSA+messaging, MCSE, CCNA
              ...............................
              Remember to give credit where credit is due and leave reputation points where appropriate
              .................................



              • #8
                Re: Adding another SSL Certificate

                Cheers.

                Do I have to install their certificate and they ours?



                • #9
                  Re: Adding another SSL Certificate

                  No, each of you will use your own certificate. Just make sure that the certificate providers are trusted on both sides.
                  Regards,
                  Csaba Papp


                  • #10
                    Re: Adding another SSL Certificate

                    I added the settings you gave and sent a test mail, and got this in reply:

                    The recipient could not be processed because it would violate the security policy in force

                    I took off the settings and the mail got through.

                    Any ideas?



                    • #11
                      Re: Adding another SSL Certificate

                      Disable the outgoing TLS encryption in the virtual SMTP server and activate it in the SMTP connector (Advanced -> Outbound security) configured for the secure connection.
                      It should work now.
                      Regards,
                      Csaba Papp

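Added example, not part of the original thread: a Python check that connects the way a sending mail server would, to confirm the partner's SMTP server advertises STARTTLS and presents a certificate that chains to a trusted CA and matches the host name, which is what replies #7 to #11 depend on. The host name, the sample certificate dictionaries and the function names are assumptions made up for illustration.

```python
import smtplib
import ssl
import time

# Constructed sample data in the format returned by SSLSocket.getpeercert().
SAMPLE_CA_ISSUED = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA Root"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}
SAMPLE_HOME_MADE = dict(SAMPLE_CA_ISSUED, issuer=SAMPLE_CA_ISSUED["subject"])
SAMPLE_NOW = ssl.cert_time_to_seconds("May  2 12:00:00 2030 GMT")

def summarize_cert(cert, now=None):
    """Summarize a getpeercert() dict: who it names, who issued it, days left."""
    now = time.time() if now is None else now
    def flat(field):
        return {k: v for rdn in cert.get(field, ()) for k, v in rdn}
    subject, issuer = flat("subject"), flat("issuer")
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "subject_cn": subject.get("commonName"),
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "self_issued": subject == issuer,  # typical of a home-made certificate
        "days_left": int((expires - now) // 86400),
    }

def check_smtp_tls(host, port=25, timeout=10):
    """Report whether host offers STARTTLS and passes certificate validation."""
    result = {"host": host, "starttls": False, "trusted": False}
    context = ssl.create_default_context()  # system trust store + name check
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return result                   # peer only accepts cleartext SMTP
        result["starttls"] = True
        try:
            smtp.starttls(context=context)
        except ssl.SSLCertVerificationError as exc:
            result["error"] = exc.verify_message  # untrusted issuer, bad name...
            return result
        result["trusted"] = True
        result.update(summarize_cert(smtp.sock.getpeercert()))
        return result
    finally:
        smtp.close()
```

Calling `check_smtp_tls("mail.example.com")` against a server that still uses a home-made certificate returns `trusted: False` with the validation error, which is the condition the client's approved-CA list is meant to rule out.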