Creating a Receive Connector for TLS (Encrypted) E-mail Exchange 2013

Email transmissions between companies sometimes need to be encrypted in transit. For this encryption to work across the link, both Exchange servers must have a valid and trusted SSL certificate. If internal CA certificates are used, each Exchange server must have the other's Root CA certificate and any intermediates installed in the relevant local certificate stores, and must be able to look up the certificate revocation list (CRL) of the other's certificate. Therefore each network must have a CRL publishing point that the other network can reach.

To create a Receive Connector that accepts TLS-encrypted email, you must first declare the remote email domain in the TlsReceiveDomainSecureList of Exchange 2013. This is done with the Set-TransportConfig cmdlet in the Exchange Management Shell:

Set-TransportConfig -TLSReceiveDomainSecureList @{Add="remotedomain.com"}

Now create the receive connector:

New-ReceiveConnector -Name TLSReceive -Usage Custom -Bindings "10.0.10.10:25" -TransportRole "FrontEndTransport" -AuthMechanism TLS -DomainSecureEnabled $true -Fqdn "tlsmail.domain.com" -RequireTLS $true -TlsCertificateName "<I>issuer name<S>subject name"

The value of -TlsCertificateName is the certificate's issuer and subject in the form "<I>issuer<S>subject". To get the issuer and subject names of the certificate, use the Get-ExchangeCertificate cmdlet (its Issuer and Subject properties).
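The following script, added here as a worked example rather than code from the original post, puts the steps above together: it checks that the local certificate chain builds with online CRL checking (the requirement described at the top), builds the TlsCertificateName value from Get-ExchangeCertificate, declares the remote domain, creates the connector, and reads the result back. The thumbprint, remote domain, binding IP and connector FQDN are placeholders you replace with your own values.

```powershell
# Added example, not part of the original post. Replace the placeholder values
# below before running in the Exchange Management Shell on the target server.
$remoteDomain  = 'remotedomain.com'
$thumbprint    = 'PLACEHOLDER-THUMBPRINT'   # thumbprint of the SMTP certificate
$bindingIp     = '10.0.10.10'
$connectorFqdn = 'tlsmail.domain.com'

# 1. Confirm the local certificate chains to a trusted root with online
#    revocation checking. If the CRL distribution point is unreachable this
#    fails here, before the connector is created and before any mail is refused.
$x509  = Get-Item "Cert:\LocalMachine\My\$thumbprint"
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
if (-not $chain.Build($x509)) {
    $chain.ChainStatus | Format-List Status, StatusInformation
    throw "Certificate chain for $thumbprint did not validate (CRL reachable? root/intermediates installed?)."
}

# 2. Look up the Exchange certificate and build the "<I>issuer<S>subject"
#    string that -TlsCertificateName expects. The certificate must already be
#    enabled for SMTP (Enable-ExchangeCertificate -Services SMTP).
$cert = Get-ExchangeCertificate -Thumbprint $thumbprint
if (-not ("$($cert.Services)" -match 'SMTP')) {
    throw "Certificate $thumbprint is not enabled for the SMTP service."
}
$tlsCertName = "<I>$($cert.Issuer)<S>$($cert.Subject)"

# 3. Declare the remote domain for Domain Security on the receiving side.
Set-TransportConfig -TLSReceiveDomainSecureList @{Add = $remoteDomain}

# 4. Create the connector. -DomainSecureEnabled $true requires both
#    -AuthMechanism TLS and -RequireTLS $true, otherwise the cmdlet fails.
#    Note the ${bindingIp} braces: "$bindingIp:25" would parse as a
#    drive-qualified variable name and expand to nothing.
New-ReceiveConnector -Name 'TLSReceive' -Usage Custom `
    -Bindings "${bindingIp}:25" -TransportRole FrontEndTransport `
    -AuthMechanism TLS -DomainSecureEnabled $true -RequireTLS $true `
    -Fqdn $connectorFqdn -TlsCertificateName $tlsCertName

# 5. Read the configuration back so the change can be verified and recorded.
(Get-TransportConfig).TLSReceiveDomainSecureList
Get-ReceiveConnector -Server $env:COMPUTERNAME |
    Where-Object { $_.Name -eq 'TLSReceive' } |
    Format-List Name, Bindings, Fqdn, AuthMechanism, RequireTLS, DomainSecureEnabled, TlsCertificateName
```

Step 1 only validates the local server's own certificate; the partner's certificate is validated by Exchange at connection time, which is why the partner's root, intermediates and CRL publishing point must also be reachable from this server.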
