Creating a Receive Connector for TLS (Encrypted) E-mail Exchange 2013
Email transmissions between companies sometimes need to be encrypted in transit. In order for this encryption to work across links both exchange servers must have a valid and trusted SSL certificate. If using Internal CA certificates, both exchange servers must have the each others Root CA cert and any Intermediates installed locally in the relevant certificate stores, and must be able to lookup the certificate revocation list of the certificate. Therefore each network myst have a CRL publishing point available to each other.
To create a Receive Connector to accept TLS encrypted email you must first declare the remote email domain in the TlsReceiveDomainSecureList of exchange 2013. This is done using the Set-TransportConfig exchange management shell command
Set-TransportConfig -TLSReceiveDomainSecureList @{Add="remotedomain.com"}
Now to create the receive connector
New-ReceiveConnector -Name TLSReceive -Usage Custom -Bindings "10.0.10.10:25" -TransportRole "FrontEndTransport" -AuthMechanism TLS -DomainSecureEnabled $true -Fqdn "tlsmail.domain.com" -RequireTLS $true -TlsCertificateName [s]subject name
To get the subject name of the certificate use the Get-ExchangeCertificate cmdlet.
Mark is an Independent Microsoft Teams Consultant with over 15 years experience in Microsoft Technology. Mark is the founder of Commsverse, a dedicated Microsoft Teams conference and former MVP. You can follow him on twitter @UnifiedVale