Explaining Email Delivery Verification: TLS and CAs

Written by Mike Rede on February 4, 2011 – 12:45 pm

In his blog, “Verify Microsoft Online Services Transport Layer Security (TLS) E-mail Delivery,” Ryan Phillips describes how to secure email message delivery between on-premise and online environments.

First, an administrator must determine whether Transport Layer Security (TLS) was used during message delivery. Once this is established, the administrator should verify that TLS is also being used in the opposite direction. Both tests are performed under the assumption that the on-premise Simple Mail Transfer Protocol (SMTP) connector has been configured to request a TLS session.

TLS is the Internet Engineering Task Force (IETF) standard protocol that ensures privacy and security between two applications that communicate over a network. TLS encrypts communications and enables clients to authenticate servers and, optionally, servers to authenticate clients. TLS is a more secure version of the Secure Sockets Layer (SSL) protocol on which it is based. Netscape developed SSL for protecting communications. Functionally, TLS and SSL are equivalent.


Microsoft Certification Authority, Certificates, Your AD forest, and More

Written by Lee Clemmer on September 28, 2009 – 3:04 pm

Certificates and encryption utilizing them play a critical role in modern systems and network security. Even if none of your email users has a client certificate in their email application, and they’re not using PKI for a VPN connection, they’re using certificates in more than a couple of places on a Windows network with Active Directory and Microsoft Exchange. You say, “Clemmer, I know all this, so what?”

Certificate Import Wizard

As I discovered recently, the need to renew certificates only once every year, two years, or more can make for some hair-pulling troubleshooting, with turnover within IT departments often shorter than that time period and likely sparse internal documentation for the many “set it and forget it” configuration components of the CA infrastructure.
