TLS Help

This topic contains 8 replies, has 2 voices, and was last updated by Lior_S 6 years, 6 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
    Si_Pe
    Member
    #161164

    Hi all,

    I am going to need to get TLS set up on our Exchange 2003 server with HSBC.

    From what I have read, I need to get TLS set up on the Exchange box and get an SSL certificate installed on the Exchange server. I have had some experience with SSLs after getting email sorted for iPhones etc. and that was fairly easy, but I am having issues sorting the certificate side on the Exchange box.

    I have been following the below and it seems fairly easy, but I am unsure of what options to fill out on the cert wizard.

    http://www.networkworld.com/news/2007/011807-tls4.html

    What is the common name I use for the SSL cert request? Say our email address is [email protected], would the domain be joebloggs.com for the common name?

    The problem I think I have is we have a website that is the same domain as our email address, but the website is hosted externally. So I am confused about what common name I should use for the cert form. I need to validate the cert with GoDaddy.

    Obviously the cert has to be @ our email address domain.

    Does that make sense?

    Many thanks!!

    Lior_S
    Member
    #282982

    Re: TLS Help

    The domain name would be the external FQDN of the email server.

    If you have iPhones, etc. already attached, does that mean you have an SSL cert now?

    Si_Pe
    Member
    #278270

    Re: TLS Help

    Lior_S;270775 wrote:
    The domain name would be the external FQDN of the email server.

    If you have iPhones, etc. already attached, does that mean you have an SSL cert now?

    Hi,

    Thanks for the reply.

    We have two Exchange servers and one has a cert for the iPhones but one doesn’t. The server that has the cert on at the moment is going to be removed soon, so I will be moving the cert to the other server.

    So once the second server has a cert I won’t need to get another? Is that what you are saying?

    Thanks!

    Lior_S
    Member
    #282983

    Re: TLS Help

    Quote:
    So once the second server has a cert I won’t need to get another? Is that what you are saying?

    Correct, it’s one cert per server. Pretty sure you will need to reissue it when you move it from one server to the other.

    If your cert name matches your FQDN then your TLS “score” is improved. However, technically it’s not required for TLS.

    I like http://www.checktls.com/ to make sure all my ducks are quacking OK.

    Si_Pe
    Member
    #278271

    Re: TLS Help

    Lior_S;270798 wrote:
    Correct, it’s one cert per server. Pretty sure you will need to reissue it when you move it from one server to the other.

    If your cert name matches your FQDN then your TLS “score” is improved. However, technically it’s not required for TLS.

    I like http://www.checktls.com/ to make sure all my ducks are quacking OK.

    Fantastic!

    Great help!

    Many thanks,
    Simon

    Si_Pe
    Member
    #278272

    Re: TLS Help

    Hello,

    Another question if I may?

    We send our email through a St Bernards Filter and after some tests using http://www.checktls.com I have noticed the filter name is in the log. Would the filter affect TLS?

    Thanks,
    Simon

    Lior_S
    Member
    #282984

    Re: TLS Help

    Is your filter outbound or inbound?
    I suspect it’s inbound; in that case, that is where your MX is pointing to for inbound filtering. All the logs will then show the TLS configuration of the filter service and none of your server.

    Si_Pe
    Member
    #278273

    Re: TLS Help

    Lior_S;270862 wrote:
    Is your filter outbound or inbound?
    I suspect it’s inbound; in that case, that is where your MX is pointing to for inbound filtering. All the logs will then show the TLS configuration of the filter service and none of your server.

    Hi,

    Thanks for your reply!

    It is inbound, yes, as you thought. So will it matter?

    Thanks!!

    Lior_S
    Member
    #282985

    Re: TLS Help

    It will make a very big difference in testing, but functionally it won’t matter. You will need to test it directly with its own FQDN, not those in MX.

    If you have OWA as well you can see it in a browser, using HTTPS, since a cert is per machine, not service.
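
Added example, not part of the thread: a Python sketch of the direct test described in the last reply. It connects to the mail server's own FQDN (not the MX host, which here is the inbound filter), upgrades with STARTTLS, and checks whether the certificate's names cover that FQDN. The host names and the sample certificate are constructed for illustration.

```python
import smtplib
import ssl

def name_matches(pattern, host):
    """Compare one certificate name to a host; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # refuse '*.com'-style patterns
    return p == h

def cert_names(cert):
    """DNS names from a getpeercert()-style dict: SAN entries, common name only as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def cert_covers(cert, host):
    """True if any name in the certificate matches the host the client connected to."""
    return any(name_matches(n, host) for n in cert_names(cert))

def probe_starttls(host, port=25, timeout=10):
    """Connect to one specific SMTP host, upgrade with STARTTLS, return (TLS version, cert)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # chain is still verified; names are compared by cert_covers()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)   # raises SMTPNotSupportedError if STARTTLS is not offered
        return smtp.sock.version(), smtp.sock.getpeercert()

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "autodiscover.example.com")),
}

if __name__ == "__main__":
    # Offline demonstration on the sample; for a live check use probe_starttls("<server FQDN>").
    for host in ("mail.example.com", "example.com", "mx.filter.example.net"):
        print(host, "covered" if cert_covers(SAMPLE_CERT, host) else "NOT covered")
```

The sample shows why the request is made for the server's external FQDN: a certificate issued for `mail.example.com` does not cover the bare email domain `example.com`, nor the filter host that the MX record points to.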
