TLS Enabling

    Question

  • I have a client who is doing some business with a bank, and the bank asked them to have TLS enabled on their Exchange server for them to send email to us and vice versa.

    We are using a Cisco IronPort smart host and an Exchange 2013 environment.

    We have MX records as below
    mail1.contoso.in
    mail2.contoso.in

    We have a third-party certificate as below

    Mail.contoso.in
    pop.contos.in
    autodiscover.contoso.in

    Please advise whether we need to change any certificate and how to enable TLS.


    Thanks & Regards, Kumar N

    Monday, May 23, 2016 8:25 AM

All replies

  • Hi,

    To my knowledge, if your previous certificate is SSLv3, it supports TLS as well, but some
    renegotiation takes place. But it works fine.

    If the customer requires an exact TLS cert, go for it. There is no other way. You need to change the cert.

    Monday, May 23, 2016 10:59 AM
  • Hi Sabarish,

    Thanks for your reply. We are using SSLv3.

    My doubt is that my MX record is different and the certificate name is different. If I need to enable TLS on the Cisco smart host, I need to create a new certificate with the MX record names which are mentioned above.

    Please clarify?



    Thanks & Regards, Kumar N


    Tuesday, May 24, 2016 3:07 AM
  • Hi,

    You should add "mail1.contoso.in" and "mail2.contoso.in" as SANs in the certificate, or create a new wildcard certificate with "*.contoso.in".
    Moreover, here are links about forcing TLS on Exchange Server:
    http://o365info.com/configure-force-tls-on-exchange-on-premises-environment-settings-of-send-connector-part-8-12-tls/
    http://o365info.com/configure-force-tls-on-exchange-on-premises-environment-settings-of-receive-connector-part-9-12-tls/

    "• The mail communication will need to be implemented by using encrypted communication line (TLS).
    • The “external server” (Exchange Online) must support TLS.
    • The “external server” (Exchange Online) must identify himself using a trusted public certificate.
    • The public certificate of the “external server” must include a specific host name who will approve the identity of the mail server – *.outlook.com"

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


    Allen Wang
    TechNet Community Support

    Tuesday, May 24, 2016 9:20 AM
    Moderator
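
The name-coverage point in the reply above, as an added example that is not part of the original thread: it checks which MX hostnames a certificate's SAN list fails to cover, using the names posted in the question and the two options from the answer. The function names are assumptions made for this sketch, and `smtp_cert_sans` needs network access to a server that offers STARTTLS.

```python
import smtplib
import ssl


def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style match: case-insensitive; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse '*.in'-style patterns
    return p == h


def uncovered_hosts(sans, mx_hosts):
    """Return the MX hostnames that no SAN entry on the certificate covers."""
    return [m for m in mx_hosts if not any(san_matches(s, m) for s in sans)]


def smtp_cert_sans(host: str, port: int = 25, timeout: float = 10.0):
    """Fetch the DNS SANs a server presents after STARTTLS (needs network access).

    The chain is still validated against the system trust store; only the
    hostname check is disabled so a mismatching certificate can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Names as posted in the thread
MX_HOSTS = ["mail1.contoso.in", "mail2.contoso.in"]
CURRENT_SANS = ["Mail.contoso.in", "pop.contos.in", "autodiscover.contoso.in"]
# The two options suggested in the answer
WITH_MX_SANS = CURRENT_SANS + MX_HOSTS
WILDCARD = ["*.contoso.in"]

if __name__ == "__main__":
    for label, sans in [("current", CURRENT_SANS), ("MX SANs added", WITH_MX_SANS),
                        ("wildcard", WILDCARD)]:
        print(f"{label}: uncovered MX hosts = {uncovered_hosts(sans, MX_HOSTS)}")
```

Against a live listener, `uncovered_hosts(smtp_cert_sans(mx), [mx])` run for each MX name shows whether the certificate actually served on port 25 covers that name.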