TLS on Local Exchange server with BPOS
Hi,
Wanted to post a message from Ryan Phillips, BPOS tech guy extraordinaire and all around nice guy working on BPOS at Microsoft.
This is a nice tech summary that you should file under migration and co-existence details.
-brett
----------------------------
Did you know that BPOS-S provides guidance on how to configure an On-Premise Messaging environment to use Transport Layer Security (TLS) when sending/receiving messages securely? The documentation states that you must install a certificate in your On-Premise Outbound Mail Server; however, this is ONLY true if this Messaging Server requires Inbound messages to be securely received. After following the guidance in the document/TechNet article listed above, the On-Premise Mail Server will be able to send/receive secure email via TLS.
Note: To receive TLS messages from EHS or any other Messaging Systems, a certificate must be applied to the On-Premise server that receives Internet email messages, which is defined by the SMTP Domain’s MX record. By installing a publicly verifiable certificate (VeriSign, etc.), the sending server will check the On-Premise Message Server’s certificate to make sure:
1. The name being used to connect to the On-Premise Mail Server matches the certificate's Common Name (CN)
2. The certificate is not expired (Certificate Revocation List – CRL)
3. The certificate is trusted by the sending server (Trusted Root Certification Authorities)
Once the above has been completed, the On-Premise environment will Send/Receive messages via TLS. Until an On-Premise certificate is applied, the On-Premise server will only be able to Send TLS.
…and now you know :)
Ryan J. Phillips
BPOS-S Service Account Manager
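As an added example (not from Ryan's post, BPOS, or any Microsoft tool), here is a small Python script that applies the three checks above to an on-premises MX host's STARTTLS certificate: name match, expiry, and (via the OS root store) trust. `mail.example.com` and the certificate values are constructed placeholders.

```python
"""Check an on-premises SMTP server's STARTTLS certificate the way a sending
server does: CN/SAN name match, expiry, and chain trust.
Added example, not from the original post; names below are constructed."""
import smtplib
import ssl
import time


def name_matches(pattern, host):
    # Exact match, or a single leading "*." wildcard label (RFC 6125 style)
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def cert_names(cert):
    """Collect DNS SANs plus the subject CN, in the shape ssl.getpeercert() returns."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v for k, v in rdn if k == "commonName"]
    return names


def check_cert(cert, mx_host, now=None):
    """Return a list of problems; an empty list means name and expiry checks pass."""
    problems = []
    if not any(name_matches(n, mx_host) for n in cert_names(cert)):
        problems.append(f"no CN/SAN matches MX host {mx_host}")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after < (time.time() if now is None else now):
        problems.append(f"certificate expired on {cert['notAfter']}")
    return problems


def probe_starttls(mx_host, port=25):
    """Live check: connect to the MX host, upgrade with STARTTLS, then validate.
    create_default_context() enforces chain trust against the local root store
    (check 3) and raises ssl.SSLCertVerificationError on failure."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(mx_host, port, timeout=10) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        smtp.ehlo()  # SMTP requires a fresh EHLO after the TLS upgrade
        return check_cert(smtp.sock.getpeercert(), mx_host)


# Constructed certificate dict in getpeercert() shape, so this runs offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}

if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, "mail.example.com"))
```

Run `probe_starttls("your.mx.host")` against your own MX record to exercise the live path; the sample dict only covers the offline name and expiry checks.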