Re: Confusion RE: Transport Security Layer



Using the Certificate Service in Windows is certainly a possibility, but the
remote site will likely have to make sure that they add it to the list of
Trusted certs, otherwise it may not work. If you choose not to use Cert
Services, there are plenty of public certificate authorities out there. One
of the most notable would be Verisign, but they tend to be more expensive.
A more affordable choice is Thawte (which is actually owned by Verisign).

--
Ben Winzenz
Exchange MVP
MessageOne


"Robert R Kircher, Jr." <rkircher@xxxxxxxxxxxxxxxx> wrote in message
news:upXvXrlRFHA.3880@xxxxxxxxxxxxxxxxxxxxxxx
> Thanks Rich,
>
> One additional question. Where do I acquire the cert? Can I use MS's Cert
> Service or do I need to get the cert from a third party?
>
> Background: I need to have my mail server communicate with a client's
> server that requires TLS.
>
> --
>
> Rob
>
>
> "Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:bn6e6150e3vc1npe7iiill58v6fooph7ni@xxxxxxxxxx
>> "Robert R Kircher, Jr." <rkircher@xxxxxxxxxxxxxxxx> wrote:
>>
>>>Can someone please help me understand TLS? As I understand it, it is an
>>>encryption method for securing data across the internet.
>>
>> TLS is another name for SSL.
>>
>>>My question is how
>>>does this apply to Exchange 2K3.
>>
>> The same way it applies to Exchange 2000. If you install the SSL
>> certificate the virtual server advertises the necessary ESMTP keywords
>> that tell the "other" server that it's possible to use TLS.
>>
>>>I see the option in the Virtual SMTP
>>>server but I'm not sure what happens if I turn it on.
>>
>> Ummm . . . what option?
>>
>>>For example, do I
>>>need to open up a different set of ports in my firewall?
>>
>> Nope.
>>
>>>How do I set up
>>>the client?
>>
>> That depends on the SMTP client.
>>
>>>Do I need to set up some sort of certificate to use TLS?
>>
>> Yes. You'll need an X.509v3 cert.
>>
>>>Lastly
>>>what does something like Iron Mail (http://www.ironmail.com/) provide
>>>that Exchange doesn't in regards to TLS?
>>
>> TLS is TLS everywhere. If it were different it wouldn't be
>> interoperable.
>>
>> However, Ironmail does offer you the ability to specify the level of
>> security you want. E.g. is it okay that the other machine's cert isn't
>> trusted, but the server name is correct? Or do you require that the
>> cert is trusted. There are other things that Ironmail does, but it's
>> an e-mail security appliance and its design is much different to that
>> of Exchange.
>>
>> --
>> Rich Matheisen
>> MCSE+I, Exchange MVP
>> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
>
>
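
Added example (not part of the thread or of any poster's message): the ESMTP keyword advertisement discussed above, checked from the sending side. It parses an EHLO reply, looks for STARTTLS, and applies a sender policy for a partner that requires TLS. The reply text, host name and the `delivery_decision` policy are constructed for illustration.

```python
# Added example: parse an ESMTP EHLO reply and decide whether TLS can be used.
# The reply text below is constructed sample data, not captured from a real server.

SAMPLE_WITH_CERT = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_NO_CERT = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250 8BITMIME\r\n"
)

def parse_ehlo(reply):
    """Return {KEYWORD: params} for a multi-line 250 EHLO reply (RFC 5321)."""
    lines = [l for l in reply.splitlines() if l]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250":
            raise ValueError("EHLO rejected: " + line)
        last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " the final line.
        if sep != (" " if last else "-"):
            raise ValueError("malformed reply line: " + line)
        if i == 0:
            continue  # first line is the greeting, not an extension
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params
    return extensions

def delivery_decision(reply, require_tls):
    """Hypothetical sender policy: 'starttls', 'plaintext' or 'refuse'."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"  # upgrade happens on the same SMTP port
    # No keyword advertised: never fall back silently when TLS is required.
    return "refuse" if require_tls else "plaintext"
```
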

