Require SSL for SMTP in Exchange 2010


  • Hi,


    My company assigned me to set up an internal Exchange 2010 server and apply an SSL certificate for pop/imap/ssl.  I have never worked with Exchange before.  Currently I have pop/imap working with ssl, but I cannot seem to get the configuration right for SMTP.  I am using a wildcard cert from, provided by the company.  The error I am getting in Outlook states that my email server does not support that type of encryption.  Can anyone point me in the right direction?  

    Tuesday, July 05, 2011 5:17 PM


All replies

  • Configure your Receive connector to enforce TLS.

    Set-ReceiveConnector "name of connector" -RequireTLS $True

    Beware, though, that this connector, once configured to require TLS, will not receive mail from the Internet.


    lasse at humandata dot se,
    Tuesday, July 05, 2011 9:02 PM
  • That actually gave me a light at the end of the tunnel!  Thanks!  Is there a similar command for connecting with an SSL encryption? I can now connect with a TLS encryption from Outlook, but when I try connecting with SSL it still generates the "your email server does not support that type of encryption"   

    I have applied the ssl cert to smtp as well.

    Tuesday, July 05, 2011 10:54 PM
  • You have to configure your clients to use TLS. This is different for each client software.

    A question though. Why have Outlook running in SMTP/POP/IMAP mode instead of using MAPI?
    MAPI has a lot more functionality.

    lasse at humandata dot se,
    Wednesday, July 06, 2011 10:24 AM
  • Hi,

    Read the article below:

    A wildcard could be used for IMAP, POP and SMTP

    Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name (FQDN) of the service.


    Thursday, July 07, 2011 3:24 AM
    1. For TLS, you may also want to consider SMTP Outbound for your Exch server (Send Connector).  You may want to do this on a domain basis (more likely) than for the address space of *.  
    2. Also, you may want to force TLS between your Exch org and a partner, then create another Send connector for this domain space.  Maybe create another send connector just for SMTP domain where a requirement is to force TLS.
    3. Leave the default send connector alone.

    Sunday, July 10, 2011 1:24 PM
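
The steps suggested across the replies above, collected into one Exchange Management Shell sequence. This is an added example, not code from any poster in the thread. The server name MAIL01, the FQDN mail.example.com, the partner domain partner.example, the connector name "Partner TLS" and the thumbprint placeholder are assumptions; it also assumes the default "Client MAIL01" receive connector still exists.

```powershell
# Added example. All names and the thumbprint below are placeholders
# (assumptions), not values taken from the thread.
$server = "MAIL01"
$fqdn   = "mail.example.com"            # name clients connect to; must match the wildcard
$thumb  = "<WILDCARD-CERT-THUMBPRINT>"  # copy from the listing in step 1

# 1. List installed certificates and the services each one is bound to.
Get-ExchangeCertificate -Server $server |
    Format-List Thumbprint, Subject, Services, NotAfter

# 2. SMTP: bind the wildcard certificate to the SMTP service.
Enable-ExchangeCertificate -Server $server -Thumbprint $thumb -Services SMTP

# 3. POP/IMAP with a wildcard certificate: do not use Enable-ExchangeCertificate.
#    Set the service FQDN instead, then restart both services to load it.
Set-PopSettings  -Server $server -X509CertificateName $fqdn
Set-ImapSettings -Server $server -X509CertificateName $fqdn
Restart-Service MSExchangePOP3, MSExchangeIMAP4

# 4. Inbound: require TLS only on the client submission connector, so the
#    connector that accepts Internet mail is not affected by the caveat above.
#    -Fqdn is set so the name offered during STARTTLS matches the wildcard.
$client = "$server\Client $server"
Set-ReceiveConnector $client -Fqdn $fqdn -RequireTLS $true

# 5. Outbound: force TLS for one partner domain with its own send connector,
#    leaving the default (*) send connector alone.
New-SendConnector -Name "Partner TLS" -Usage Custom `
    -AddressSpaces "partner.example" -DNSRoutingEnabled $true `
    -RequireTLS $true -SourceTransportServers $server

# 6. Verify what each connector now enforces.
Get-ReceiveConnector -Server $server |
    Format-Table Name, Bindings, Fqdn, RequireTLS -AutoSize
Get-SendConnector |
    Format-Table Name, AddressSpaces, RequireTLS -AutoSize
```

Clients submitting through the connector changed in step 4 then select TLS as the encryption type, as the second reply describes.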