Re: Confusion RE: Transport Security Layer



Thanks Rich,

One additional question: where do I acquire the cert? Can I use MS's Cert
Service or do I need to get the cert from a third party?

Background: I need to have my mail server communicate with a client's server
that requires TSL.

--

Rob


"Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:bn6e6150e3vc1npe7iiill58v6fooph7ni@xxxxxxxxxx
> "Robert R Kircher, Jr." <rkircher@xxxxxxxxxxxxxxxx> wrote:
>
>>Can someone please help me understand TSL? As I understand it, it's an
>>encryption method for securing data across the internet.
>
> TLS is another name for SSL.
>
>>My question is how
>>does this apply to Exchange 2K3.
>
> The same way it applies to Exchange 2000. If you install the SSL
> certificate the virtual server advertises the necessary ESMTP keywords
> that tell the "other" server that it's possible to use TLS.
>
>>I see the option in the Virtual SMTP
>>server but I'm not sure what happens if I turn it on.
>
> Ummm . . . what option?
>
>>For example, do I
>>need to open up a different set of ports in my firewall?
>
> Nope.
>
>>How do I set up
>>the client?
>
> That depends on the SMTP client.
>
>>Do I need to setup some sort of certificate to use TSL?
>
> Yes. You'll need an X.509v3 cert.
>
>>Lastly
>>what does something like Iron Mail (http://www.ironmail.com/) provide that
>>Exchange doesn't in regards to TSL?
>
> TLS is TLS everywhere. If it were different it wouldn't be
> interoperable.
>
> However, Ironmail does offer you the ability to specify the level of
> security you want. E.g. is it okay that the other machine's cert isn't
> trusted, but the server name is correct? Or do you require that the
> cert is trusted? There are other things that Ironmail does, but it's
> an e-mail security appliance and its design is much different to that
> of Exchange.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
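
Added example (not part of the original thread, and not Exchange or Ironmail code): a sending-side check that reads the ESMTP keywords from an EHLO reply, looks for STARTTLS, and applies the three certificate-checking levels described in the reply above. The policy names, the decide() helper and the sample EHLO replies are constructed for illustration.

```python
import re

# Hypothetical policy names modelled on the choices described in the thread;
# they are not settings of any real product.
POLICIES = ("opportunistic", "name_only", "trusted")

# Constructed sample replies to EHLO, on the normal SMTP port.
WITH_CERT = ("250-mail.example.com Hello [192.0.2.10]\r\n250-SIZE 10485760\r\n"
             "250-PIPELINING\r\n250-STARTTLS\r\n250 OK\r\n")
NO_CERT = ("250-mail.example.com Hello [192.0.2.10]\r\n250-SIZE 10485760\r\n"
           "250-PIPELINING\r\n250 OK\r\n")


def parse_ehlo(reply):
    """Return the set of ESMTP keywords in a multi-line 250 reply."""
    lines = reply.strip().splitlines()
    keywords = set()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        sep, text = m.groups()
        # "250-" marks a continuation line, "250 " marks the final line.
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i and text.split():  # line 0 is the greeting, not a keyword
            keywords.add(text.split()[0].upper())
    return keywords


def decide(ehlo_reply, policy, chain_trusted, name_matches):
    """Return 'send-tls', 'send-plaintext' or 'defer' for one delivery."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    if "STARTTLS" not in parse_ehlo(ehlo_reply):
        # No keyword advertised: only an opportunistic sender may continue.
        return "send-plaintext" if policy == "opportunistic" else "defer"
    if policy == "opportunistic":
        return "send-tls"        # encrypt, but accept any certificate
    if not name_matches:
        return "defer"           # both stricter levels need the right name
    if policy == "trusted" and not chain_trusted:
        return "defer"           # name is right, issuer is not trusted
    return "send-tls"
```

chain_trusted and name_matches stand for the results of the certificate checks done during the TLS handshake; a real sender would take them from its TLS library.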

