SSL on SMTP server or Exchange Server

Murray720
I need to secure my email by installing an SSL certificate, but I am not sure if I should install the certificate on my actual Exchange box or the SMTP server.

My LAN clients connect using Outlook (IMAP) and my remote clients connect using OWA 2003.

Exchange Server is:
OS - Win 2000 Server
Running - Exchange Enterprise 2003

SMTP
OS - Win 2000 Server

Do I just need to install the certificate on the default htm of OWA or is there more involved?
 
My setup of SSL for OWA:

Software: w2k server + exchange 2k3
------------------------------------------------------------
SETUP CA: Set up a Certification Authority on another server, a 2k3 server.

CERT REQUEST: A cert request generated in IIS Default Web Site of the EXCH server.

CREATE CERT: A cert created by the CA and both certs (Server CA Cert and the requested Email Cert) copied on the desktop of the EXCH server from the CAConfig directory of the CA server.

IMPORT BOTH CERTS: The CA Cert was imported in the Cert Store in Trusted Root Auth and the email Cert was set up in IIS.

ENABLE SSL: Secure communication checked in Exchange Properties in IIS. 128-bit encryption selected. Enable Forms Based Authorization checked in Exchange System Manager/Http/Exchange Virtual Server
 
Set it up on the OWA server; you need to encrypt that session because the HTTP passwords are sent unencrypted. SMTP is an open protocol (anyone can read your emails), so it doesn't matter if you put a cert on there unless you want to use TLS or SSL, but then you won't be able to email anyone because other folks probably aren't using that protocol. Also, get an SSL cert from a public CA; if you set it up yourself, users will get confusing warning messages from IE because your CA is not in their list of approved authority thingies.
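
The request/sign/import flow from the two replies above, reproduced as an added example that is not part of the original thread. It uses the OpenSSL command line instead of the Windows CA and IIS wizards, and the names `Example Internal CA` and `mail.example.test` are constructed. It shows why a client that has not imported the private CA certificate rejects the server certificate.

```shell
#!/bin/sh
# Added example with constructed names; OpenSSL stands in for the
# Windows Certification Authority and the IIS certificate wizard.

make_chain() {
    dir=$1
    # SETUP CA: self-signed root key and certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # CERT REQUEST: key pair and CSR generated on the server itself,
    # so the private key never leaves that machine
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=mail.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # CREATE CERT: the CA signs the request
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

# Client that imported the CA certificate into its trusted roots.
# The output is matched instead of the exit code because old OpenSSL
# releases exit 0 even when verification fails.
verify_with_ca() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" 2>&1 | grep -q ': OK$'
}

# Client that only has the default trust store, which does not
# contain the private CA: this is the browser-warning case.
verify_default_store() {
    openssl verify "$1/server.crt" 2>&1 | grep -q ': OK$'
}

d=$(mktemp -d) || exit 1
make_chain "$d" || { rm -rf "$d"; exit 1; }
verify_with_ca "$d" && echo "CA imported: chain verifies"
verify_default_store "$d" || echo "CA not trusted: verification fails"
rm -rf "$d"
```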
 