Simple TLS questions

  • Simple TLS questions

    I'm not an Exchange admin, so bear with me and excuse my basic questions...

    I have a client that wants to make a TLS connection between our companies. They have sent me 4 domains of theirs that I need to use in configuring this. From reading another post here regarding this (see link), I have a few questions.

    -My server has a certificate from a CA that we use for secure connections for smartphones etc. Will this suffice for creating the TLS connection, or will I need to install it somewhere else?
    -Is the only other thing I need to do to create an SMTP connector and add the domains?

    The more detail the better (where things are and such).

  • #2
    What you have outlined should work, at least for outbound email.
    Inbound email would require a different SMTP virtual server, and either a different port or different IP address and host name, plus changes made at the client as well.
    However, with the changing requirements for SSL, depending on what the remote site is using, it still may not work.

    TLS support on Exchange 2003 is awful; it isn't really baked into the product and requires separate configuration. If you need to support TLS, then migrate off Exchange 2003 to Exchange 2007 or 2010, which have the support baked in and don't require extensive modifications to the network to work correctly.

    Simon Butler
    Exchange MVP



    • #3
      Sorry for the long delay on this project... We only need to worry about outbound TLS. With that said, I made an SMTP connector, put our client's email domains in the Address Space tab, then checked TLS on outbound security, chose my server as a bridgehead and sent a test. The test email stuck in my queue with the message "the remote SMTP service does not support TLS". I confirmed with the client that they are set up for opportunistic TLS and ready (they have other clients that they already have TLS set up with, so I'm certain they have their ducks in a row).

      Is this message referring to my bridgehead? The cert on my server is installed in IIS for OWA connections; will I need to install it elsewhere or buy another cert for SMTP? Or do I need to make a VS with the same CN ( as the cert (my server's name is different)?
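      For the "remote SMTP service does not support TLS" condition in #3, here is an added diagnostic of my own (not code from the thread or from Exchange): an outbound bridgehead decides TLS is impossible when the remote MX's EHLO reply does not list the STARTTLS keyword, so the script parses such a reply, and can also run the check live and attempt the handshake with certificate chain and host-name verification. The EHLO replies are constructed samples and every host name is a placeholder.

```python
import smtplib
import ssl


def parse_ehlo_reply(reply: str) -> dict:
    """Parse a raw multiline EHLO reply (RFC 5321) into {KEYWORD: params}.

    The first 250 line is the server greeting, not a keyword, so it is skipped.
    A sending MTA decides whether TLS is even possible from this list alone.
    """
    features = {}
    for line in reply.splitlines()[1:]:
        if not line.startswith("250") or len(line) < 5:
            continue
        parts = line[4:].strip().split(None, 1)   # skip "250-" / "250 "
        if parts:
            features[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return features


def starttls_advertised(reply: str) -> bool:
    """True only if STARTTLS (RFC 3207) is among the advertised EHLO keywords."""
    return "STARTTLS" in parse_ehlo_reply(reply)


def probe_starttls(host: str, port: int = 25, timeout: int = 10) -> dict:
    """Live check of a remote MX: is STARTTLS advertised, and does its
    certificate verify (trusted chain + name match) for `host`?"""
    result = {"starttls": False, "verified": False, "error": None}
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo("probe.invalid")          # placeholder EHLO name
        if not smtp.has_extn("starttls"):
            return result                   # the same condition the queue reports
        result["starttls"] = True
        try:
            # The default context verifies the chain and matches CN/SAN to `host`
            smtp.starttls(context=ssl.create_default_context())
            result["verified"] = True
        except ssl.SSLError as exc:         # untrusted CA or host-name mismatch
            result["error"] = str(exc)
    finally:
        smtp.close()   # no QUIT: after a failed handshake the channel is unusable
    return result


# Constructed sample replies (not captured from any real server)
EHLO_WITH_TLS = ("250-mail.partner.example Hello [192.0.2.10]\r\n"
                 "250-SIZE 52428800\r\n250-STARTTLS\r\n250-8BITMIME\r\n250 OK\r\n")
EHLO_WITHOUT_TLS = ("250-mail.partner.example Hello [192.0.2.10]\r\n"
                    "250-SIZE 52428800\r\n250 8BITMIME\r\n")
```

If the live probe reports STARTTLS absent, the fault is on the remote side or on a device between you that strips the keyword; if it is present but verification fails, the reported error names what your bridgehead's certificate checks would trip over.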