Creating a Receive Connector for TLS (Encrypted) E-mail Exchange 2013

Email transmissions between companies sometimes need to be encrypted in transit. For this encryption to work across the link, both Exchange servers must present a valid and trusted SSL/TLS certificate. If internal CA certificates are used, each Exchange server must have the other side's Root CA certificate and any intermediate certificates installed in the relevant local certificate stores, and must be able to retrieve the certificate revocation list (CRL) for the other side's certificate. Each network must therefore publish a CRL distribution point that is reachable from the other network; if the CRL check fails, the TLS handshake is rejected.

To create a Receive Connector that accepts TLS-encrypted email from a partner, you must first declare the remote email domain in the TLSReceiveDomainSecureList of Exchange 2013. This is done with the Set-TransportConfig cmdlet in the Exchange Management Shell:

Set-TransportConfig -TLSReceiveDomainSecureList @{Add="remotedomain.com"}

Now create the receive connector:

New-ReceiveConnector -Name TLSReceive -Usage Custom -Bindings "10.0.10.10:25" -TransportRole "FrontEndTransport" -AuthMechanism TLS -DomainSecureEnabled $true -Fqdn "tlsmail.domain.com" -RequireTLS $true -TlsCertificateName "<I>issuer name<S>subject name"

The TlsCertificateName parameter does not take the bare subject name: it expects an X.509 identifier of the form "<I>issuer distinguished name<S>subject distinguished name". To get the issuer and subject of the certificate, use the Get-ExchangeCertificate cmdlet and read the Issuer and Subject properties of the certificate you intend to use (the certificate must be enabled for the SMTP service). It is also worth restricting the connector with -RemoteIPRanges to the partner's sending hosts, so that only the partner reaches this connector and it does not overlap the default front-end connector on port 25. Note that Domain Security is mutual: the partner must configure the matching send side (TLSSendDomainSecureList and a Send Connector with DomainSecureEnabled) for the secured exchange to work.
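The whole procedure above, as an added example that is not part of the original post: it declares the partner domain, selects the certificate by thumbprint, builds the issuer/subject identifier that TlsCertificateName requires, creates the connector scoped to the partner's IPs, and reads the result back. The partner domain remotedomain.com, the partner address range 203.0.113.0/24, the local binding 10.0.10.10 and the FQDN tlsmail.domain.com are assumed values taken from or invented for this example; the thumbprint placeholder must be replaced with a real one from Get-ExchangeCertificate.

```powershell
# Added example (not the original post's code). Run in the Exchange Management Shell.
# Assumptions: partner domain remotedomain.com, partner MTAs in 203.0.113.0/24,
# local listening IP 10.0.10.10, advertised FQDN tlsmail.domain.com, and a
# certificate chosen by thumbprint.

# 1. Declare the partner domain for Domain Security on the receiving side.
Set-TransportConfig -TLSReceiveDomainSecureList @{Add = "remotedomain.com"}

# 2. Select the certificate the connector will present. Selecting by thumbprint
#    avoids picking an expired or self-signed certificate that shares a subject.
$thumbprint = "<thumbprint from Get-ExchangeCertificate>"   # assumption: replace with the real value
$cert = Get-ExchangeCertificate -Thumbprint $thumbprint
if ($cert.Status -ne "Valid" -or ("$($cert.Services)" -notmatch "SMTP")) {
    throw "Certificate $thumbprint is not valid or not enabled for SMTP (status: $($cert.Status), services: $($cert.Services))."
}

# 3. TlsCertificateName takes "<I>issuer DN<S>subject DN", not the bare subject.
$tlsCertName = "<I>$($cert.Issuer)<S>$($cert.Subject)"

# 4. Create the connector. RemoteIPRanges limits it to the partner's hosts so that
#    only they can use it and it does not overlap the default front-end connector.
New-ReceiveConnector -Name "TLSReceive" `
    -Usage Custom `
    -TransportRole FrontEndTransport `
    -Bindings "10.0.10.10:25" `
    -RemoteIPRanges "203.0.113.0/24" `
    -Fqdn "tlsmail.domain.com" `
    -AuthMechanism Tls `
    -RequireTLS $true `
    -DomainSecureEnabled $true `
    -TlsCertificateName $tlsCertName

# 5. Read the configuration back to confirm the domain and connector settings.
Get-TransportConfig | Select-Object -ExpandProperty TLSReceiveDomainSecureList
Get-ReceiveConnector "TLSReceive" |
    Format-List Bindings, RemoteIPRanges, Fqdn, AuthMechanism, RequireTLS, DomainSecureEnabled, TlsCertificateName
```

Once the connector exists, the partner's first message is the real test: a Domain Security failure shows up in the SMTP receive protocol log and in the transport event log on the receiving server, and almost always traces back to an untrusted chain or an unreachable CRL on one side.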
