Changing Exchange 2010 POP3 to TLS port 995?
I'm trying to change the ports on our Exchange 2010 server so people with smartphones that have ports 25 and 110 blocked can still send/receive using ports 465 and 995 (TLS?). The SSL cert from Network Solutions is the Wildcard SSL (according to their
tech support) which is ungodly expensive at $549/year! They say there is NO CHEAPER alternative to this. Before I commit to that level of expense, I wanted to get the experts' opinions. Is there a way to do this without spending that kind of money and still
get a secured port(s) for Exchange 2010? Thanks for any help!
May 9th, 2011 5:18pm
On Mon, 9 May 2011 21:10:43 +0000, ComputerD00d wrote:
>I'm trying to change the ports on our Exchange 2010 server so people with smartphones that have ports 25 and 110 blocked can still send/receive using ports 465 and 995 (TLS?).
Use port 587 for SMTP client submission. Port 465 stopped being a good
choice long ago (and it was never accepted as a standard, either).
>The SSL cert from Network Solutions is the Wildcard SSL (according to their tech support) which is ungodly expensive at $549/year!
You only need a SSL cert. If you need multiple names, use a SAN/UCC
certificate. Wildcard certs won't work with things like ActiveSync.
>They say there is NO CHEAPER alternative to this.
http://www.digicert.com/
http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039
+ others
>Before I commit to that level of expense, I wanted to get the experts' opinions. Is there a way to do this without spending that kind of money and still get a secured port(s) for Exchange 2010? Thanks for any help!
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
May 9th, 2011 11:06pm
So just a standard $39 SSL cert will allow me to do this? I wonder why they tried to sell me a $500 one! I only need it for my company domain name so it won't need multiple domains/subdomains. Port 587 it is. Thanks for the info!
May 10th, 2011 12:27pm
On Tue, 10 May 2011 16:24:49 +0000, ComputerD00d wrote:
>So just a standard $39 SSL cert will allow me to do this?
It should be sufficient.
>I wonder why they tried to sell me a $500 one!
I have n idea what questions you were asked, or how you answered them,
so I can't comment on what they told you was necessary.
>I only need it for my company domain name so it won't need multiple domains/subdomains. Port 587 it is. Thanks for the info!
If you use autodiscover, or have a fqdn for OWA that's different to
the one you use for POP/IMAP/autodoscover, then you probably do have
multiple domain names. But a SAN/UCC certificate would be be better
than an wildcard cert in that case. Or you could use the DNS SRV
record method of publishing the autodiscover name and just get by with
an inexpensive single-name SSL cert.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
May 10th, 2011 5:56pm
All I asked the lady was what I needed to be able to use SSL on Exchange 2010 for TLS. She said that was the ONLY one that would work. Sounds like a gimmick to me. Thanks for the info. I'll get right on it.
May 11th, 2011 4:06pm
Maybe you can know more about Exchange 2010 TLS certificates from this document:
Understanding TLS Certificates
http://technet.microsoft.com/en-us/library/aa998840.aspx
When you try to configure POP3 to use TLS or SSL, please refer to this document:
Configure POP3 to Use TLS or SSL
http://technet.microsoft.com/en-us/library/aa997290.aspx
Thanks,
Evan
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
May 12th, 2011 10:23am
Quotes from Dec 2010 for SAN cert with 6 subject names.
Digi Cert would be $965 for 3yrs
Go Daddy would be $420 for 3 yrs
Wild card from Digi Cert is $1425 for 3 yrsJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 14th, 2011 3:06pm