TLS Certificate Request

Home Forums Messaging Software Exchange 2000 / 2003 TLS Certificate Request

This topic contains 3 replies, has 2 voices, and was last updated by  marky9999 7 years, 11 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts

  • marky9999
    Member
    #154208

    We have a requirement to receive TLS encrypted mail from one customer.

    From what ive read installing a certificate on the exchange server will allow us to accept both TLS and Non TLS mail, is this correct? some other articles suggest setting up and second SMTP virtual server on a separate IP address. (we have no requirement to send TLS mail, only receive)

    When requesting the certificate do I use our MX record address for the common name on the cert. i.e. “mail.domain.com”,

    how will this work if a secondary MX record is used when the primary is unavailable i.e. “backupmail.domain.com”

    MS Exchange 2003

    Thanks in advance


    Sembee
    Member
    #260179

    Re: TLS Certificate Request

    You either have to use a separate port, or a separate external IP address.
    Exchange 2003 is TLS on or off. It doesn’t do opportunist TLS like Exchange 2007 and higher.

    You will therefore have to create another SMTP virtual server in ESM, set it up with the required parameters and install the SSL certificate.

    The remote site will not be able to use your MX record. They will have to use the specific host name. You can only use the same host name as your MX record if you are using an alternative port.

    Simon.


    marky9999
    Member
    #295371

    Re: TLS Certificate Request

    Thanks Sembee

    We have a fortimail aplliance thats sits between our exchange servers and the outside world. This takes care of spam,antivirus and content filtering. This device supports TLS.

    Would i set up TLS on the fortimail device, The exchange servers or both (including certs)

    Cheers


    Sembee
    Member
    #260180

    Re: TLS Certificate Request

    TLS should be setup on the point of entry to your network – so what answers SMTP traffic. That doesn’t sound like it is Exchange, rather your appliance, so that is where the TLS should be configured, certificate installed etc.

    Simon.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.