Using SSL to Communicate with Exchange Server

Applies To: Windows Server 2003 with SP1

A best practice in using the SMTP exit module of a certification authority with a Microsoft Exchange 2000 Server is to configure the CA to communicate with the Exchange Server over SSL (SMTP Protocol). The following steps should be implemented to enable this enhanced security configuration once the SMTP exit module is already configured on the CA for operation:

Make sure the Root CA that issued the server certificate for the Exchange Server is trusted by the CA.

Configure the Exchange Server SMTP Protocol to use SSL by enrolling for a Server Certificate using the Wizard in the Exchange System Manager console.

Open the Exchange System Manager on the Exchange server by selecting Start > Programs > Microsoft Exchange > System Manager.

In the left-pane view, expand Servers > SERVER_NAME > Protocols > SMTP > Default SMTP Virtual Server.

Right-click Default SMTP Virtual Server, and then select Properties.

Click the Access tab, and then select the Certificate button under Secure communication.

Follow the directions in the Wizard and when completed, go back to the Default SMTP Virtual Server Properties and select Communication.

Select the Require secure channel checkbox. It is recommended to set Require 128-bit encryption.

At a CMD prompt on the CA, type the following command:

certutil -setreg exit\smtp\https://schemas.microsoft.com/cdo/configuration/smtpusessl 1

Note

This will add a REG_SZ value: https://schemas.microsoft.com/cdo/configuration/smtpusessl with a value of 1 to the SMTP key in the registry.
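The following PowerShell script is an added verification example, not part of the Microsoft page; it is run on the CA after the procedure above to confirm the three things the steps establish: that the root CA which issued the Exchange server certificate is trusted by the CA, that the smtpusessl value was written to the SMTP exit module key, and that the Exchange SMTP virtual server now advertises STARTTLS and refuses mail submission in the clear. The CA name, Exchange host name, root thumbprint and the registry path HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<CAName>\Exit\SMTP are assumptions for the example; substitute your own values.

```powershell
# Added verification script (not Microsoft's). All names below are assumptions for the example.
param(
    [string]$CaName         = 'CONTOSO-CA',                     # assumed: common name of the CA
    [string]$ExchangeHost   = 'exchange.contoso.local',         # assumed: Exchange 2000 server FQDN
    [string]$RootThumbprint = 'PLACEHOLDER_ROOT_CA_THUMBPRINT', # thumbprint of the root that issued the Exchange cert
    [string]$EhloName       = 'ca.contoso.local'                # assumed: name the CA presents in EHLO
)

# 1. Is the issuing root CA present in the CA machine's Trusted Root store?
$trustedRoot = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $RootThumbprint }
if ($trustedRoot) {
    Write-Output "OK: root '$($trustedRoot.Subject)' is trusted on this CA"
} else {
    Write-Output "FAIL: no trusted root with thumbprint $RootThumbprint; the TLS handshake to Exchange will fail"
}

# 2. Did 'certutil -setreg exit\smtp\...\smtpusessl 1' land in the SMTP exit module key?
# Assumed path: certutil's exit\smtp maps to Configuration\<CAName>\Exit\SMTP under CertSvc.
$smtpKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CaName\Exit\SMTP"
$valueName = 'https://schemas.microsoft.com/cdo/configuration/smtpusessl'
$useSsl    = (Get-ItemProperty -Path $smtpKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ("$useSsl" -eq '1') {
    Write-Output "OK: smtpusessl = 1 under $smtpKey"
} else {
    Write-Output "FAIL: smtpusessl is '$useSsl' (expected 1); the exit module will still send SMTP in the clear"
}

# 3. Probe the Exchange SMTP virtual server on port 25: it should advertise STARTTLS in its EHLO
#    reply and, with 'Require secure channel' set, reject MAIL FROM before TLS is negotiated.
$client = $null
try {
    $client = New-Object System.Net.Sockets.TcpClient($ExchangeHost, 25)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    $banner = $reader.ReadLine()                 # e.g. "220 <host> Microsoft ESMTP MAIL Service ..."
    $writer.WriteLine("EHLO $EhloName")

    # An EHLO reply is multi-line: "250-<ext>" lines continue, a "250 <ext>" line ends it.
    $ehlo = @()
    do {
        $line = $reader.ReadLine()
        $ehlo += $line
    } while ($line -match '^\d{3}-')

    if ($ehlo | Where-Object { $_ -match '^250[ -]STARTTLS' }) {
        Write-Output "OK: $ExchangeHost advertises STARTTLS"
    } else {
        Write-Output "FAIL: no STARTTLS in EHLO reply; the server certificate step was not completed"
    }

    # Attempt a plaintext MAIL FROM without issuing STARTTLS. A virtual server that requires a
    # secure channel should answer with a non-2xx code here; a 250 means mail is still accepted in the clear.
    $writer.WriteLine("MAIL FROM:<ca@contoso.local>")
    $mailReply = $reader.ReadLine()
    if ($mailReply -match '^2\d\d') {
        Write-Output "FAIL: plaintext MAIL FROM accepted ($mailReply); 'Require secure channel' is not enforced"
    } else {
        Write-Output "OK: plaintext MAIL FROM refused ($mailReply)"
    }

    $writer.WriteLine("QUIT")
    $null = $reader.ReadLine()
} catch {
    Write-Output "FAIL: could not complete SMTP probe of ${ExchangeHost}: $($_.Exception.Message)"
} finally {
    if ($client) { $client.Close() }
}
```

Run it from an elevated prompt on the CA so the CertSvc registry key and the machine certificate store are readable. The third check deliberately stops before sending STARTTLS itself: the point is to confirm that the Exchange side refuses unencrypted submission, which is the property the Require secure channel checkbox is meant to guarantee.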