How to export/import the certificates for/from 'Partner company' step-by-step in Exchange 2013

Dear EXCHANGE EXPERTS,

I am a newbie in "Exchange World" and I try hard to learn and figure out how Exchange messaging works.
Sometimes the searches for information are gratified with wonderful articles and blogs, but sometimes days of searches bring you nothing but tiredness.

I cannot find clear information (step-by-step) on how to exchange the certificates with the Partner company for TLS mutual communication in Exchange 2013.

I would appreciate the help of experts.

March 28th, 2015 12:20pm

Hello

tip: http://goo.gl/5mn1vX

March 28th, 2015 12:52pm

Thank you for your quick response!

I know this great article, but it also does not explain 'how' to export/import the certificates on both sides.
In "Step 1. Establish certificate trust between organizations" it is only mentioned:
"... If that's not the case you will have to cross-import Root CA certificates on both sides."

And I am looking for detailed steps on how to do it, assuming that the Edge Server 2013 is already in place. Also, I cannot find information about where the certificate will be installed - in the 'Trusted Root Certification Authorities' store?
March 28th, 2015 10:15pm

To understand certificates - this will be your starting point
March 28th, 2015 10:53pm

Hello

"You can do it in several ways. If both organizations are using publicly trusted certificate on Exchange servers, you are good to go. If that's not the case you will have to cross-import Root CA certificates on both sides. Alternatively, you can also issue certificates for SMTP for both Exchange organizations from a single trusted RootCA. Anyway, the point is that each Exchange server must trust the certificate installed (and assigned to SMTP service) on another Exchange server"

'Trusted Root Certification' --> yes /local computer/

If your company and the partner company have a public cert assigned to the SMTP service, you do not need to do anything with the cert.
If you do not have a public cert but both companies have a cert from their own internal CA, you need to
cross-import the Root CA certificates to the Exchange servers and it is OK. You send your root CA cert to the partner company, the partner company sends its own root certificate, and you import that into the local computer 'Trusted Root Certification' store on the Exchange server.
If you do not have an internal CA, only self-signed, you need to send the self-signed cert.

March 29th, 2015 4:14am

Great! Thank you!

Now it becomes more clear.
In the case of self-signed certs, should they be installed locally on the Edge Server, on the Hardware Load Balancer, or on the Mailbox Server where the Send Connector is configured?

And if the certs on both sides are from a Public Trusted Certificate Authority, then the Administrators on both sides should only configure Domain Security (Set-TransportConfig) and the Send and Receive connectors, and nothing more? I mean if the Trust Relationship are already c
March 29th, 2015 8:43am

Hello

If you have a public cert, import it to the Edge server /pfx/ into the "computer account personal certificate store" and enable the SMTP service.
Then set transportconf... and enable logging and test.

March 29th, 2015 11:52am
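
The steps from the replies above, collected as an added PowerShell example that is not part of the original thread. It assumes Windows Server 2012 or later (for `Import-Certificate`) and the Exchange Management Shell; the file paths, domain, connector names and thumbprint are placeholders, and the thumbprint must be confirmed with the partner over a separate channel before the root certificate is trusted.

```powershell
# Added example. Paths, domain, connector names and thumbprint are placeholders.
$PartnerRootFile    = 'C:\Certs\partner-rootca.cer'
$ExpectedThumbprint = '<THUMBPRINT-CONFIRMED-WITH-PARTNER>'   # obtained out-of-band
$OwnPfxFile         = 'C:\Certs\own-smtp.pfx'
$PartnerDomain      = 'partner.example'
$SendConnector      = 'To Partner'               # hypothetical connector name
$ReceiveConnector   = 'EDGE01\From Internet'     # hypothetical connector name

# 1. Inspect the partner's root CA file before trusting it.
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PartnerRootFile
if ($root.Thumbprint -ne $ExpectedThumbprint) { throw "Thumbprint mismatch: $($root.Thumbprint)" }
if ($root.Subject -ne $root.Issuer)           { throw 'Not a self-signed root certificate.' }
if ($root.NotAfter -lt (Get-Date))            { throw "Expired on $($root.NotAfter)." }

# 2. Import it into Local Computer \ Trusted Root Certification Authorities.
Import-Certificate -FilePath $PartnerRootFile -CertStoreLocation Cert:\LocalMachine\Root

# 3. Import your own certificate (PFX) into the computer's personal store
#    and enable it for the SMTP service.
$pfxPassword = Read-Host -AsSecureString 'PFX password'
$pfxBytes    = [byte[]](Get-Content -Path $OwnPfxFile -Encoding Byte -ReadCount 0)
$own = Import-ExchangeCertificate -FileData $pfxBytes -Password $pfxPassword
Enable-ExchangeCertificate -Thumbprint $own.Thumbprint -Services SMTP

# 4. Domain Security lists. A plain value replaces the existing list;
#    use @{Add=$PartnerDomain} to append to it instead.
Set-TransportConfig -TLSSendDomainSecureList $PartnerDomain -TLSReceiveDomainSecureList $PartnerDomain

# 5. Require mutual TLS on the connectors used for the partner.
#    -AuthMechanism replaces the connector's current value.
Set-SendConnector    $SendConnector    -DomainSecureEnabled $true -DnsRoutingEnabled $true
Set-ReceiveConnector $ReceiveConnector -DomainSecureEnabled $true -AuthMechanism TLS

# 6. Enable protocol logging for the test and confirm the SMTP assignment.
Set-SendConnector    $SendConnector    -ProtocolLoggingLevel Verbose
Set-ReceiveConnector $ReceiveConnector -ProtocolLoggingLevel Verbose
Get-ExchangeCertificate -Thumbprint $own.Thumbprint | Format-List Subject, Services, NotAfter
```

Step 2 is only needed when the partner's certificate does not chain to a publicly trusted CA; the partner performs the same import with your root certificate on their side.
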

Thank you very much!

I appreciate your help.

Now it is clear to me.

Thank you!

March 29th, 2015 7:56pm

This topic is archived. No further replies will be accepted.
