TLS Certificate Request


  • TLS Certificate Request

    We have a requirement to receive TLS encrypted mail from one customer.

    From what I've read, installing a certificate on the Exchange server will allow us to accept both TLS and non-TLS mail, is this correct? Some other articles suggest setting up a second SMTP virtual server on a separate IP address. (We have no requirement to send TLS mail, only receive.)

    When requesting the certificate, do I use our MX record address for the common name on the cert, i.e. "mail.domain.com"?

    How will this work if a secondary MX record is used when the primary is unavailable, i.e. "backupmail.domain.com"?


    MS Exchange 2003

    Thanks in advance

  • #2
    Re: TLS Certificate Request

    You either have to use a separate port, or a separate external IP address.
    Exchange 2003 is TLS on or off. It doesn't do opportunistic TLS like Exchange 2007 and higher.

    You will therefore have to create another SMTP virtual server in ESM, set it up with the required parameters and install the SSL certificate.

    The remote site will not be able to use your MX record. They will have to use the specific host name. You can only use the same host name as your MX record if you are using an alternative port.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: TLS Certificate Request

      Thanks Sembee

      We have a FortiMail appliance that sits between our Exchange servers and the outside world. This takes care of spam, antivirus and content filtering. This device supports TLS.

      Would I set up TLS on the FortiMail device, the Exchange servers or both (including certs)?

      Cheers



      • #4
        Re: TLS Certificate Request

        TLS should be set up on the point of entry to your network - so what answers SMTP traffic. That doesn't sound like it is Exchange, rather your appliance, so that is where the TLS should be configured, certificate installed etc.

        Simon.
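
The certificate-name question from the first post and the point-of-entry advice in #4, as an added example that is not part of the thread: a Python check that each MX host advertises STARTTLS in its EHLO reply and presents a certificate naming that host. The EHLO replies and certificate name lists are constructed sample data, and the function names are hypothetical.

```python
def ehlo_extensions(reply_lines):
    """Return the ESMTP keywords from a multi-line 250 reply to EHLO."""
    exts = set()
    for line in reply_lines[1:]:          # first line is only the greeting
        parts = line[4:].split()          # skip "250-" or "250 "
        if line.startswith("250") and parts:
            exts.add(parts[0].upper())
    return exts


def name_matches(pattern, host):
    """Match a certificate name to a host; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # refuse over-broad names like *.com
    return p == h


def cert_covers(host, cert_names):
    return any(name_matches(name, host) for name in cert_names)


def audit(mx_hosts, ehlo_by_host, cert_names_by_host):
    """Per MX host: is STARTTLS offered, and does the presented certificate name it?"""
    report = {}
    for host in mx_hosts:
        offers = "STARTTLS" in ehlo_extensions(ehlo_by_host.get(host, []))
        named = offers and cert_covers(host, cert_names_by_host.get(host, []))
        report[host] = {"starttls": offers, "name_ok": named}
    return report


# Constructed sample data: the primary offers STARTTLS, the backup MX does not.
MX_HOSTS = ["mail.domain.com", "backupmail.domain.com"]
EHLO = {
    "mail.domain.com": ["250-mail.domain.com Hello", "250-SIZE 10485760",
                        "250-STARTTLS", "250 8BITMIME"],
    "backupmail.domain.com": ["250-backupmail.domain.com Hello",
                              "250-SIZE 10485760", "250 8BITMIME"],
}
CERT_NAMES = {"mail.domain.com": ["mail.domain.com"], "backupmail.domain.com": []}

if __name__ == "__main__":
    for host, result in audit(MX_HOSTS, EHLO, CERT_NAMES).items():
        print(host, result)
```

A certificate issued only for "mail.domain.com" does not cover "backupmail.domain.com"; a name list containing both hosts, or "*.domain.com", does.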
