TLS Help

  • TLS Help

    Hi all,

    I am going to need to get TLS set up on our Exchange 2003 server with HSBC.

    From what I have read I need to get TLS set up on the Exchange box and get an SSL certificate installed on the Exchange server. I have had some experience with SSL certs after getting email sorted for iPhones etc. and that was fairly easy, but I am having issues sorting the certificate side on the Exchange box.

    I have been following the below and it seems fairly easy, but I am unsure of what options to fill out on the cert wizard.

    http://www.networkworld.com/news/2007/011807-tls4.html

    What is the common name I use for the SSL cert request? Say our email address is [email protected] would the domain be joebloggs.com for the common name?

    The problem I think I have is we have a website that is the same domain as our email address but the website is hosted externally. So I am confused about what common name I should use for the cert form. I need to validate the cert with GoDaddy.

    Obviously the cert has to be @ our email address domain.

    Does that make sense?

    Many thanks!!
    Kind Regards,
    Simon

  • #2
    Re: TLS Help

    The domain name would be the external FQDN of the email server.

    If you have iPhones, etc. already attached, does that mean you have an SSL cert now?
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said" - Alan Greenspan



    • #3
      Re: TLS Help

      Originally posted by Lior_S
      The domain name would be the external FQDN of the email server.

      If you have iPhones, etc. already attached, does that mean you have an SSL cert now?

      Hi,

      Thanks for the reply.

      We have two Exchange servers and one has a cert for the iPhones but one doesn't. The server that has the cert on at the moment is going to be removed soon so I will be moving the cert to the other server.

      So once the second server has a cert I won't need to get another? Is that what you are saying?

      Thanks!
      Kind Regards,
      Simon



      • #4
        Re: TLS Help

        So once the second server has a cert I won't need to get another? Is that what you are saying?

        Correct, it's one cert per server. Pretty sure you will need to reissue it when you move it from one server to the other.

        If your cert name matches your FQDN then your TLS "score" is improved. However, technically it's not required for TLS.

        I like http://www.checktls.com/ to make sure all my ducks are quacking OK.


        • #5
          Re: TLS Help

          Originally posted by Lior_S
          Correct, it's one cert per server. Pretty sure you will need to reissue it when you move it from one server to the other.

          If your cert name matches your FQDN then your TLS "score" is improved. However, technically it's not required for TLS.

          I like http://www.checktls.com/ to make sure all my ducks are quacking OK.

          Fantastic!

          Great help!

          Many thanks,
          Simon


          • #6
            Re: TLS Help

            Hello,

            Another question if I may?

            We send our email through a St Bernards Filter and after some tests using http://www.checktls.com I have noticed the filter name is in the log. Would the filter affect TLS?

            Thanks,
            Simon


            • #7
              Re: TLS Help

              Is your filter outbound or inbound?
              I suspect it's inbound; in that case that is where your MX is pointing to for inbound filtering. All the logs will then show the TLS configuration of the filter service and none of your server.


              • #8
                Re: TLS Help

                Originally posted by Lior_S
                Is your filter outbound or inbound?
                I suspect it's inbound; in that case that is where your MX is pointing to for inbound filtering. All the logs will then show the TLS configuration of the filter service and none of your server.

                Hi,

                Thanks for your reply!

                It is inbound yes as you thought. So will it matter?

                Thanks!!
                Kind Regards,
                Simon



                • #9
                  Re: TLS Help

                  It will make a very big difference in testing, but functionally it won't matter. You will need to test it directly with its own FQDN, not those in MX.

                  If you have OWA as well you can see it in a browser, using HTTPS, since a cert is per machine, not service.
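The check discussed in posts #4 and #9, as an added example that is not part of the original thread: probe the mail server by its own FQDN (not the MX record, which points at the inbound filter), upgrade with STARTTLS, and test whether the certificate names cover that FQDN. The hostnames and the two sample certificates are constructed for illustration.

```python
import smtplib
import ssl


def cert_names(cert):
    """DNS names a certificate is valid for: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, host):
    """True if any name on the certificate matches the host being tested."""
    return any(name_matches(n, host) for n in cert_names(cert))


def probe_starttls(host, port=25, timeout=10):
    """Connect to `host` itself, upgrade with STARTTLS, return the cert dict.

    The chain is validated against the system trust store; the hostname check
    is left to cert_covers() so a name mismatch is reported, not fatal.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None  # server does not advertise STARTTLS
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()


# Constructed sample certificates, in the dict shape ssl.getpeercert() returns.
WEBSITE_CERT = {"subject": ((("commonName", "www.example.com"),),)}
MAIL_CERT = {"subject": ((("commonName", "mail.example.com"),),),
             "subjectAltName": (("DNS", "mail.example.com"),)}
```

Calling `cert_covers(probe_starttls("mail.example.com"), "mail.example.com")` against a live server performs the direct test; a certificate that fails chain validation raises `ssl.SSLError` from `probe_starttls`.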