Re: Please Help: Additional TSL Questions




It's TLS, not TSL, but that's a minor nit-pick. It stands for Transport
Layer Security, and is akin to SSL for SMTP transmissions.

1. I'm not sure exactly what part of Verisign's website you went to. The
method for obtaining an SSL certificate is to go into IIS Manager (or in
this case, Exchange System Manager), go to the properties of the Default
SMTP Virtual Server, Access Tab, then click on the Certificate button. This
will guide you through creating a Certificate Request. The certificate
request is what includes the details about your server, your organization,
the purpose of the certificate, etc. Once you have prepared the certificate
request, a file is created that contains the request. The contents of that
"key" are what gets submitted to Verisign or Thawte (or other SSL
certificate provider). SSL Certificates are for servers - they could
actually have multiple uses once assigned to the server.

BTW - you'll find that using a provider like Thawte (actually owned by
Verisign) is much cheaper than Verisign itself.

2. The "Name" should be able to be anything. When you are going through
the wizard, it tells you that the name should be easy for you to refer to
and remember. Following through the rest of the wizard "should" be
self-explanatory and as referred to earlier, will generate a file. Some
CAs want you to attach the actual file, some want the contents (Thawte for
example has you paste the contents into a form on their website).

3. You would use an SMTP connector. In the name space for the connector,
you would add just that one domain that you need to communicate via TLS
with. However, this only controls the ability to "Send" via TLS. As far as
receiving, if you telnet to your server on port 25 and issue the EHLO
command, check to make sure that the TLS and STARTTLS commands are listed.
As long as that command is listed, your server should be able to accept an
inbound TLS message.

4. I'd recommend working with the remote domain. Let them know that you
are setting it up and need to test it to make sure it is set up correctly.

--
Ben Winzenz
Exchange MVP
MessageOne


"Robert R Kircher, Jr." <rkircher@xxxxxxxxxxxxxxxx> wrote in message
news:OGi6CzeYFHA.796@xxxxxxxxxxxxxxxxxxxxxxx
> Ok so I need to deploy Exch2003 so that it can communicate to one domain
> via TSL. I've never done this before so please bear with me.
>
> 1) I know I need to acquire a cert so I've visited Verisign's site and it
> needs me to "Generate a Private Key Pair". The instructions on Verisign's
> site refer to web servers but in my case I need the cert for my mail
> server. Should I generate this Key from my SMTP Virtual Server?
>
> 2) The IIS Certificate Wizard also requests a "Name". Can this be anything or
> does it have to be some identifying name such as the FQDN? If it needs to
> be the FQDN, would that be the public name or internal name?
>
> 3) I only need to communicate this way to one domain. All other email I
> want to come in and out without the use of TSL. Do I need to create a
> second Virtual Server for this to work? Do I need to create an SMTP
> connector to use that SMTP server to route email to and from that domain?
>
> 4) After I get this set up what is the best way to test it besides simply
> sending email to the desired domain. I ask because I'm setting up the
> server in my shop and would like to test it before I deploy it on site.
>
> As with everything, I'm under the gun here to get this set up ASAP so any
> help would be greatly appreciated.
>
> TIA.
>
> --
>
> Rob
>
>
>
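The receive-side check in point 3 of the reply (telnet to port 25, send EHLO, confirm TLS / STARTTLS is listed) can be scripted so it is repeatable during testing. The following is an added example, not code from the thread or from either poster. It parses an EHLO reply into the advertised extension keywords and, optionally, probes a live server with Python's standard smtplib; the hostnames and the two sample EHLO responses are constructed for illustration.

```python
"""Check whether an SMTP server advertises STARTTLS in its EHLO response.

Added example, not from the original thread. It implements the receive-side
check from point 3 of the reply: connect on port 25, send EHLO, and look for
TLS / STARTTLS among the advertised extensions. The hostnames and the sample
EHLO responses below are constructed for illustration.
"""
import smtplib
import socket

# Constructed EHLO responses, in the shape an ESMTP server returns.
# Exchange 2003 advertises both "TLS" and "STARTTLS" when a certificate is bound.
EHLO_WITH_TLS = (
    "250-mail.example.com Hello probe.example [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-TLS\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH GSSAPI NTLM LOGIN\r\n"
    "250 OK\r\n"
)
EHLO_WITHOUT_TLS = (
    "250-mail.example.com Hello probe.example [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250 OK\r\n"
)


def parse_ehlo_response(raw):
    """Map each advertised ESMTP extension keyword to its parameter string.

    The first 250 line is the greeting (server name and client address) and
    carries no extension, so it is skipped. Keywords are upper-cased because
    SMTP treats them case-insensitively.
    """
    features = {}
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    for line in lines[1:]:
        if len(line) < 4 or not line[:3].isdigit():
            continue  # not a well-formed reply line; ignore it
        body = line[4:].strip()  # drop "250-" / "250 " prefix
        if not body:
            continue
        keyword, _, params = body.partition(" ")
        features[keyword.upper()] = params
    return features


def tls_advertised(features):
    """True when the server offers STARTTLS (or the legacy TLS keyword)."""
    return "STARTTLS" in features or "TLS" in features


def probe_server(host, port=25, ehlo_name="probe.example", timeout=10):
    """Connect to a live server, issue EHLO and report whether TLS is offered.

    Returns (advertised, features). smtplib parses the EHLO reply into
    server.esmtp_features (lower-case keys), so the same keyword check applies.
    """
    try:
        server = smtplib.SMTP(host, port, timeout=timeout)
    except (socket.error, smtplib.SMTPException) as exc:
        return False, {"error": str(exc)}
    try:
        code, _ = server.ehlo(ehlo_name)
        if code != 250:
            return False, {"error": "EHLO rejected with %d" % code}
        features = {k.upper(): v for k, v in server.esmtp_features.items()}
        return tls_advertised(features), features
    except smtplib.SMTPException as exc:
        return False, {"error": str(exc)}
    finally:
        try:
            server.quit()
        except smtplib.SMTPException:
            pass


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Live probe: python ehlo_check.py mail.example.com
        ok, feats = probe_server(sys.argv[1])
        print("STARTTLS advertised:", ok)
        for k, v in sorted(feats.items()):
            print("  %s %s" % (k, v))
    else:
        # Offline demonstration on the constructed responses
        for label, raw in (("with TLS", EHLO_WITH_TLS), ("without TLS", EHLO_WITHOUT_TLS)):
            print(label, "->", tls_advertised(parse_ehlo_response(raw)))
```

Run it with the server's name as the only argument to probe a lab server; with no argument it evaluates the two constructed responses. A missing STARTTLS keyword on the receiving side means the remote domain will fall back to plaintext (or refuse delivery, if it requires TLS), which is the failure mode the reply's telnet check is meant to catch before deployment.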
