Understanding how certificates are selected for a Transport layer Security (TLS) session will help you troubleshoot TLS issues. Since we shipped Exchange 2007, support engineers Jenny Frye and Stuart Presley have been helping customers work through issues around deploying Domain Security and using TLS to connect Hub Transport servers and Edge Transport servers and to enable POP and IMAP clients to encrypt traffic with Hub servers.

To help diagnose the issues that early adopters were encountering, Stuart carefully reviewed the certificate selection piece of the transport code. He provided a set of rough documentation that outlined the steps that Exchange Transport goes through to select the appropriate certificate for TLS.

Then Jenny took Stuart's documentation, created some great flow charts, and polished up the wording to make it more useful for the IT admin. The result is published in this month's Exchange 2007 Help documentation update at TLS Certificate Selection. To download all updated Exchange 2007 Help documentation, go to Microsoft Exchange Server 2007 Help at the Microsoft Download Center.

Thanks to Stuart and Jenny for this rich addition to our core documentation. It's exactly what we needed!

And now, here's a peek at the flow chart that Jenny created for inbound anonymous TLS certificate selection process.

To see the full description that accompanies this flowchart, and to learn more about inbound STARTTLS and Outbound Anonymous certificate selection, check out TLS Certificate Selection.

Again, thanks to Jenny and Stuart for taking the time to document this and help us include this in our core documentation.

- John Speare