Can an SSL cert use an IP address? I think they require a FQDN only. All I did was create a new SMTP Virtual Server with a dedicated IP. Setup an external DNS record (such as mail-tls, securemail, mail2, etc) which resolved appropriately to get down to the new SMTP virtual server. I created an SSL cert for the above FQDN and set it on the SMTP virtual server.
That's pretty much it. A mail server connects in just it would to your default SMTP virtual server, but since it's TLS enabled, it can use some additional commands to make a secure connection. You could even use your default SMTP Virtual Server that is in use for general mail, but if you do that, you wouldn't want to check the box for "require TLS". -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pat Richard Sent: Tuesday, December 19, 2006 11:36 AM To: Exchange Discussions Subject: RE: TLS Yeah, we use plenty of RapidSSL certs for clients. I'm just trying to cover all of my bases before trying this. I've never had to setup TLS before. My understanding is that (based on the link I provided), it creates a specific site to site configuration that would be outside the scope of my MX records (since I assign another IP to it). Is that correct? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evan Mann Sent: Tuesday, December 19, 2006 11:31 AM To: Exchange Discussions Subject: RE: TLS Untrusted certs kick off cert warnings, and unless the communicating software has a way to say "yes" to an acception, the SSL communication will fail. If you sign your own cert, and provide it to them, they need to accept it as trusted on the server that is commmunicating. Many people are not going to want to do this for a variety of reasons. Globally trusted certs do not need to be expensive. RapidSSL certs are signed by Equifax and only cost $69 for a single year (with discounts for multiple years). There are even cheaper ones as well. It'sn ot worth the headaches of trying to sign your own cert IMO unless it's strictly for testing/lab/internal use only. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scharff Sent: Tuesday, December 19, 2006 11:26 AM To: Exchange Discussions Subject: RE: TLS For TLS? WTF... Since your server certificate is only used when they are trying to send mail to you and you've published your Mx records I can't see why it would matter. But, what do I know. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:bounce- > [EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey > (Citco) > Posted At: Tuesday, December 19, 2006 9:50 AM Posted To: swynk > Conversation: TLS > Subject: RE: TLS > > Internal can be used. But the client will probably want to deal with a > trusted certificate from third party. This was our case. Our client > didn't want to deal with us until we got a cert from Verisign. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pat > Richard > Sent: Tuesday, December 19, 2006 10:42 AM > To: Exchange Discussions > Subject: TLS > > We've been tasked with setting up TLS between a client and a large > client of theirs. I've been doing some initial research, and was > reading http://msexchangeteam.com/archive/2006/10/04/429090.aspx. It > mentions setting up a certificate. My question is if an internal CA > can be used, > or if it needs to be a trusted cert from a third party. > > Any help is greatly appreciated. > > Pat Richard > BOLD Technologies, Inc. > Phone: 248-457-2000 x11 > Fax: 248-786-0216 > http://www.BoldTechnologies.com/ > [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to [EMAIL PROTECTED] > dl.sparklist.com > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
