Step by step guide to TLS

[PC0]

Hello all,

I have been asked to setup email encryption with our client. So, I was wondering if anyone knows of a step-by-step guide to setting up forced encryption between email servers on an Exchange 2007 server.

Would I be correct in assuming that TLS is one option? What about setting up a direct trust?

All help is sincerely appreciated.

Thanks.

 

[ShackDaddy]

FWIW, your Exchange 2007 server is already trying to do TLS with every server it communicates with. That means that it already does opportunistic TLS with any Exchange 2007 server it talks to. So if both sides are E2007, you are already encrypting traffic, if things are set up right, which they usually would be by default if you have a cert loaded and specified for SMTP. If you want to make sure that you're doing TLS, you should spend more time working on the other side of the equation, especially if the client server doesn't use TLS currently.

Dave Shackelford
ThirdTier.net

 

[PC0]

Thank you Dave. Here's a little more information - because of opportunistic TLS, the client and us are encrypting traffic, but I cannot provide/prove a list of clients that we are communicating only via TLS.
If my understanding of opportunistic TLS is correct, the Exchange 2007 server will try to communicate via TLS first and then if it fails it will send the data without any encryption.
The client already has a TLS enabled Exchange 2003 environment (they have used the self generated Exchange 2007) cert, and now I have to find out a way to have TLS only enabled email communication with them (and in the process, hope not to bring down the exchange server).

Thanks in advance for all the help.

 

[58sniper]

Create a send connector for their address space, and force TLS.

How to Configure Mutual TLS for Domain Security

http://technet.microsoft.com/en-us/library/bb123543.aspx

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/